AUTHENTICATED , 
US. GOVERNMENT 
INFORMATION ^ 


S. Hrg. 113-702 

IDENTIFYING CRITICAL FACTORS FOR SUCCESS 
IN INFORMATION TECHNOLOGY ACQUISITIONS 


HEARING 

BEFORE THE 


COMMITTEE ON 
HOMELAND SECURITY AND 
GOAH]RNMENTAL AFFAIRS 
UNITED STATES SENATE 

ONE HUNDRED THIRTEENTH CONGRESS 

SECOND SESSION 

MAY 8, 2014 


Available via the World Wide Web: http://www.fdsys.gov/ 
Printed for the use of the 

Committee on Homeland Security and Governmental Affairs 



U.S. GOVERNMENT PUBLISHING OFFICE 
89-681 PDF WASHINGTON : 2015 


For sale by the Superintendent of Documents, U.S. Government Publishing Office 
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 
Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 


COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AEFAIRS 


THOMAS R. CARPER, Delaware Chairman 


CARL LEVIN, Michigan 
MARK L. PRYOR, Arkansas 
MARY L. LANDRIEU, Louisiana 
CLAIRE McCASKILL, Missouri 
JON TESTER, Montana 
MARK BEGICH, Alaska 
TAMMY BALDWIN, Wisconsin 
HEIDI HEITKAMP, North Dakota 


TOM COBURN, Oklahoma 
JOHN McCAIN, Arizona 
RON JOHNSON, Wisconsin 
ROB PORTMAN, Ohio 
RAND PAUL, Kentucky 
MICHAEL B. ENZI, Wyoming 
KELLY AYOTTE, New Hampshire 


Gabrielle a. Batkin. Staff Director 
John P. Kilvington, Deputy Staff Director 
Jonathan M. Kraden, Senior Counsel 
Keith B. Ashdown, Minority Staff Director 
Kathryn M. Edelman, Minority Senior Investigator 
Laura W. Kilbride, Chief Clerk 
Lauren M. Corcoran, Hearing Clerk 


(II) 



CONTENTS 


Opening statements: Page 

Senator Carper 1 

Senator Coburn 3 

Prepared statements: 

Senator Carper 46 

WITNESSES 
Thursday, May 8, 2014 

Hon. Daniel M. Tangherlini, Administrator, U.S. General Services Adminis- 
tration 4 

Steven L. VanRoekel, U.S. Chief Information Officer, U.S. Office of Manage- 
ment and Budget 6 

David A. Powner, Director of Information Technology Management Issues, 

U.S. Government Accountability Office 8 

Daniel J. Chenok, Executive Vice Chair, Industry Advisory Council, American 

Council for Technology and Industry Advisory Council 26 

Karen S. Evans, Partner, KE&T Partners, LLC 28 

Alphabetical List of Witnesses 

Chenok, Daniel J.: 

Testimony 26 

Prepared statement with attachment 79 

Evans, Karen S.: 

Testimony 28 

Prepared statement 99 

Powner, David A. : 

Testimony 8 

Prepared statement 59 

Tangherlini, Hon. Daniel M.: 

Testimony 4 

Prepared statement 47 

VanRoekel, Steven L.: 

Testimony 6 

Prepared statement 53 

APPENDK 

Chart referenced by Senator Carper 107 

Chart referenced by Senator Carper 108 

The hearing referenced by Senator Coburn 109 

Responses for post-hearing questions for the Record from: 

Mr. Tangherlini Ill 

Mr. VanRoekel 116 

Mr. Powner 130 


(III) 




IDENTIFYING CRITICAL FACTORS FOR 
SUCCESS IN INFORMATION TECHNOLOGY 
ACQUISITIONS 


THURSDAY, MAY 8, 2014 

U.S. Senate, 

Committee on Homeland Security 
AND Governmental Aefairs, 

Washington, DC. 

The Committee met, pursuant to notice, at 10:04 a.m., in room 
SD-342, Dirksen Senate Office Building, Hon. Thomas R. Carper, 
Chairman of the Committee, presiding. 

Present: Senators Carper and Coburn. 

OPENING STATEMENT OF CHAIRMAN CARPER 

Chairman Carper. Good morning, everyone. The hearing will 
begin. 

Dr. Coburn, our witnesses, our guests, I want to start off by just 
thanking you for joining us today, for your testimonies and your 
willingness to respond to our questions. My thanks to Dr. Coburn 
and his staff, as well, for helping us to put this hearing together 
as part of our ongoing Committee effort to improve how Federal 
agencies acquire, implement, and manage information technology 
(IT). 

It is a topic near and dear to my heart. I know it is something 
that is near and dear to Senator Coburn’s heart, something he has 
worked on, I have worked on for a number of years as we took 
turns leading what was the former Federal Financial Management 
Subcommittee. During our time in the Senate, we have heard about 
and chaired hearings on a number of successful IT projects. I have 
also, unfortunately, worked with my colleagues to determine what 
went wrong with a number of failed projects. 

One example of a successful government IT project is the West- 
ern Hemisphere Travel Initiative, which went into effect in 2007. 
The program addressed one of the main 9/11 Commission findings, 
and that is before September 11, 2001, people could show a border 
official one of hundreds of different kinds of documents in order to 
enter the United States at land borders and ports of entry (POE), 
making it difficult for officials to identify fraudulent documents. 
Since 2007, people trying to enter our land ports must present a 
Department of Homeland Security (DHS)-approved secure card 
that communicates with Customs and Border Protection (CBP) 
equipment to prove their citizenship. The project required that 
Customs and Border Protection modernize its ports of entry infra- 

( 1 ) 



2 


structure and IT systems in order to enable the use of technology, 
which it did successfully within 2 years. The program is still going 
strong today and has proven to be a very smart investment. In fact, 
they continue to improve it. 

Some examples of failed projects include USAJobs, which is run 
by the Office of Personnel Management (0PM), along with the Fed- 
eral Bureau of Investigation (FBI) digital case management system 
called Sentinel, and, of course, the failed launch of HealthCare.gov. 
With regard to HealthCare.gov, the Administration was, fortu- 
nately, able to get things turned around quickly. More than eight 
million people — have signed up for insurance, and a number of 
them through HealthCare.gov. But, the stand-up, I think we will 
all agree, was abysmal, at least initially. 

Most struggling IT projects do not get the type of response or 
media attention that we saw with HealthCare.gov, a team of ex- 
perts rushing in to try to set things straight. Rather, what typically 
happens is that we continue to sink more money into these pro- 
grams as they sputter along. 

Now, the simple truth is that every organization, be it a Federal 
agency or a Fortune 500 company, faces a host of challenges in im- 
plementing large IT projects. We faced plenty of challenges in my 
last job as Governor. We are not always successful, either. But, 
from where I sit, it appears to me that the Federal Government 
seems to have more problems than the private sector, or it may 
seem that way because the government’s problems are more fre- 
quently on the front page of the paper, given that they are paid for 
with taxpayer dollars. 

Today’s hearing will explore the challenges that organizations 
both in government and in the private sector face in implementing 
IT systems. It will also examine the steps agencies need to take in 
order to be successful. Several of our witnesses today have signifi- 
cant experience working in the private sector, so I am especially in- 
terested in hearing about the similarities and differences between 
the government and industry. Most importantly of all, I am also in- 
terested in hearing about what lessons Federal agencies can learn 
from how industry implements IT. I also want to hear from our 
witnesses about what successes look like and what our agencies 
need to do to increase the likelihood that an IT project will succeed. 

As I oftentimes quote former Federal Reserve Vice Chairman 
Alan Blinder, now back at Princeton teaching economics, he once 
advised us in terms of how to reduce budget deficits, how to espe- 
cially rein in the growth of health care costs, he said, find out what 
works and do more of that. Pretty good advice, not just on health 
care, but on a lot of other things, as well. 

Agencies need to get to the point where they succeed more often 
than not. But, all of us need to acknowledge that there will always 
be projects that, despite our best intentions, wind up failing. When 
that happens, we need to make sure agencies know how to pick up 
the pieces, avoid squandering the money we entrust to them on 
projects that should be scrapped. 

With that having been said, we are glad you are here. Senator 
Coburn and I look forward to this. There is legislation out of the 
House — I think it is called the Federal Information Technology Ac- 
quisition Reform Act (FITARA) — that Congressman Issa and others 



3 


are pushing and it has been reported out of the House. This is a 
very helpful hearing for us to craft what we believe we should leg- 
islate and what we should do in response to and hopefully work 
with the House to pass legislation that will help save some money 
and provide better service for the folks we work for. Thanks very 
much. Senator Coburn. 

OPENING STATEMENT OF SENATOR COBURN 

Senator Coburn. Well, thank you, Mr. Chairman, and welcome 
to all of you. I appreciate your hard work. 

IT is one of the areas where we waste more money than any 
other area in the government, except the Pentagon when you take 
IT out. Let us put the other one up first. 

Twenty years ago. Bill Cohen, the Ranking Member on this Com- 
mittee, had a hearing. ^ My question is, what has changed? We still 
waste about 50 percent of all the money we spend on IT, and the 
question we have to be asking ourselves is, why? 

Twenty years later, we find ourselves sitting here having a dis- 
cussion. Some things have changed. We have better leadership 
now. Mr. Tangherlini, what you are doing, I congratulate you. I 
have all the confidence in the Office of Management and Budget 
(0MB). I have some disappointment on the data center stuff, which 
I will talk about in the questions. The one thing that also has 
changed is we are wasting more money now than we did back then 
on IT. 

We are starting to put some good reforms in place, which I con- 
gratulate all of you on. 0MB set a goal 4 years ago of closing 40 
percent of the Federal data centers and saving $3 to $5 billion by 
the end of 2015. We are not there yet. Are we making progress? 
Yes. Do we need to make more progress sooner? Yes. There is not 
the tracking that needs to go on, according to the Government Ac- 
countability Office (GAO). 

I would tell you, I think every Member of this Committee sup- 
ports OMB’s initiative and effort and wants it to succeed, and as 
Chairman Carper mentioned, that is why we reported a bill, the 
Federal Data Center Consolidation Act by Senators Bennet, Ayotte, 
and Chairman Carper and myself, to enhance the consolidation ini- 
tiative and improve the quality of data. Greater transparency, clear 
metrics, and strong oversight, and not just by us but by 0MB, of 
the agencies, can make this consolidation one of OMB’s biggest suc- 
cesses in terms of dollars, but also in terms of how it impacts the 
rest of the Federal Government. GAO, in their recent report, now 
says that the initiative has the potential to save far more than the 
early estimates, far more, $10 billion over the next decade. 

We are going to hear about some new plans today from 0MB and 
the General Services Administration (GSA). I am excited for that. 
What I do not want is for us, all of us, to lose focus on a good set 
of initiatives that are in place, making progress, and saving money. 

So, I welcome you here. I have some concerns that I will elevate 
and discuss in the question period. But, we have a pretty good 
start. It can be better, and we will focus on that. 

Mr. Chairman, thank you for holding this hearing. 


^The hearing referenced by Senator Coburn appears in the Appendix on page 109. 



4 


Chairman Carper. Thank you, Dr. Cohurn. 

I would just say, this is certainly about saving money, and there 
are a lot of cooperative efforts underway — to do that. It is a great 
way to provide better service. A good example is the Veterans Ad- 
ministration (VA). We have these huge backlogs. We had these 
huge backlogs — they are still pretty big — for veterans applying for 
disability under the VA, and it had huge backlogs. We had, basi- 
cally, a paper system and we have a lot of folks who had been try- 
ing to get disability pensions because of Agent Orange, a huge 
backlog there, a huge backlog just because people were looking for 
a way to supplement their income in the worst recession since the 
Great Depression. So, that made a bad situation even worse. But, 
we are using technology and using that technology to whittle down 
the backlog list. We are making very good progress, and that is an 
important thing. 

Another area where we are trying to save some money, but also 
to provide better service, is we have people that are on active serv- 
ice in the Department of Defense (DOD). They operate under one 
kind of electronic health record. Over here in the VA, they have a 
different kind of electronic health record. They do not talk to each 
other, not interoperable, and there is a great effort underway to 
make sure that they are interoperable. So that when someone 
leaves active duty and moves to veteran status, they can do so in 
a seamless way and we can provide better health care at less cost 
to our veterans. 

So, it works in a lot of ways. There are some good success stories 
out there. There are some that could be a good success story. We 
want to figure out how we can work together to make sure there 
are a lot more success stories. 

I am not going to introduce everyone individually. You all have 
been good enough to come before us before. We are delighted that 
you are here today. We appreciate your work very much. 

Dan, I am going to ask you to lead us off, and then Steven and 
David, if you would, please. Thanks so much. 

TESTIMONY OF THE HONORABLE DANIEL M. TANGHERLINI,i 
ADMINISTRATOR, U.S. GENERAL SERVICES ADMINISTRATION 

Mr. Tangherlini. Thank you very much, and good morning. 
Chairman Carper, Ranking Member Coburn, Members and staff of 
the Committee. My name is Dan Tangherlini and I am the Admin- 
istrator of the U.S. General Services Administration. 

Before focusing on the topic of today’s hearing, I would like to 
take a moment to introduce to the Committee our new Deputy Ad- 
ministrator, Denise Roth, who, among other duties as our Chief 
Operating Officer (COO), will be working on internal GSA IT 
issues. 

The challenges of technology procurement and delivery facing the 
government have been a focus for better management and over- 
sight throughout this Administration. Given GSA’s mission, to de- 
liver the best value in real estate, acquisition, and technology serv- 
ices to the government and the American people, we believe we are 
uniquely positioned to help make a difference in these efforts. 


^The prepared statement of Mr. Tangherlini appears in the Appendix on page 47. 



5 


Through better management of our own IT investments as well as 
offerings GSA provides governmentwide, GSA can support the Ad- 
ministration’s efforts to better manage IT and to continue improv- 
ing some of the longstanding challenges. 

Since my arrival at GSA, we have been focused on consolidating 
and streamlining major functions within the agency to eliminate 
redundancy, improve oversight, and increase accountability. As 
part of GSA’s top-to-bottom review, GSA brought together all IT 
functions, budgets, and authorities from across the agency under 
an accountable, empowered GSA Chief Information Officer (CIO) in 
line with the best practices followed by many modern organizations 
today. 

GSA now has one enterprise-wide process for making IT invest- 
ments, which ensures that investments are geared toward the 
highest priorities in support of the agency’s strategic goals. We 
have set internal goals to reduce ongoing operating costs to allow 
the organization to make better long-term investments using our 
enterprise- wide, data driven, zero-based IT budgeting process. 

Consolidation also provides an opportunity to adopt the best for- 
ward-leaning practices in supporting investments. In recognition of 
the need to modernize not just applications, but how we support IT 
and consistent with broader Federal efforts, GSA instituted a 
cloud-first policy that prompts all application development initia- 
tives to look first to the GSA cloud platforms available as tech- 
nology solutions before evaluating legacy platforms with higher op- 
erating costs. 

The focus of our transition has not been limited to what we build 
but also how we build it. Our move to an agile development shop 
has resulted in a significant increase in our ability to rapidly de- 
ploy and scale. Consolidated IT governance is also helping GSA re- 
alize a high-performing IT environment as effectively and effi- 
ciently as possible while also providing a level of transparency and 
accountability that will lead to continuous ongoing improvement. 

GSA also looks for opportunities to help agencies adopt new tech- 
nologies and take advantage of digital services that improve mis- 
sion delivery and enhance their interactions with the public. GSA 
helps to ensure that we have tools that allow the government to 
access the ingenuity of the American people to help solve govern- 
ment’s challenges. 

GSA manages Challenge.gov, an award winning platform to pro- 
mote and conduct challenge and prize competitions government- 
wide. We are also leading efforts to open government data to entre- 
preneurs and other innovators to fuel development of products and 
services that drive economic growth. GSA operates Data.gov, the 
flagship open government portal which enables easy access to and 
use of more than 90,000 data collections from over 180 government 
agencies. 

In addition, GSA recently announced the creation of 18F, a dig- 
ital delivery team within GSA that aims to make the government’s 
digital and web services simpler, more effective, and easier to use 
to the American people. By using lessons from our Nation’s top 
technology startups, these public service innovators are looking to 
provide support for our Federal partners in delivering better digital 



6 


services at reduced time and cost and making the government a 
better consumer of IT services. 

GSA’s internal IT reforms, acquisition solutions, and digital serv- 
ices are in keeping with our mission to deliver the best value in 
information technology solutions to the government and the Amer- 
ican people. GSA still has a lot of work ahead of us and I am grate- 
ful for the Committee’s support of our reform efforts. 

I appreciate the opportunity to appear before you here today and 
look forward to any questions that you might have. Thank you. 

Chairman Carper. Thank you, Dan. There will be some ques- 
tions. 

Steve, you are up. Thank you so much. 

TESTIMONY OF STEVEN L. VANROEKEL,i U.S. CHIEF INFORMA- 
TION OFFICER, U.S. OFFICE OF MANAGEMENT AND BUDGET 

Mr. VanRoekel. Thank you, sir. Chairman Carper, Dr. Coburn, 
Committee staff, thank you for the opportunity to testify before you 
today about the best practices and factors for successful acquisition 
and implementation of Federal information technology. 

During my nearly 20 years in the private sector, I woke up every 
day focused on improving and expanding core services and cus- 
tomer value while also cutting costs. I brought this focus with me 
to the Federal Government. When I joined the Administration in 
2009, and the Office of Management and Budget in 2011, I found 
willing partners in this mission and have spent the past 3 years 
at 0MB focused on driving innovation to meet customer needs, 
maximizing our return on investments in Federal information tech- 
nology, and establishing a trusted foundation for securing and pro- 
tecting our information systems. 

Constantly improving the state of Federal technology is a priority 
for this Administration and a mission that 0MB takes very seri- 
ously. In these times of fiscal constraint, this means we must drive 
innovation while controlling spending by maximizing effectiveness 
and efficiency in everything we do. 

The Administration’s first term efforts largely focused on estab- 
lishing mechanisms to stop the growth of IT spending, promoting 
new technology such as cloud computing, mobile, opening up Fed- 
eral Government data for private sector use, enhancing cyber capa- 
bilities, and deploying Federal technology as a tool to increase effi- 
ciency and allow government to do more with less. 

In the decade prior to this Administration, the Federal IT budget 
increased at the Compound Annual Growth Rate of 7.1 percent a 
year. If spending increased at the same rate during this Adminis- 
tration, our current IT budget request would total $117 billion. 
However, through our PortfolioStat data-driven accountability ses- 
sions, Federal agencies enhance their analytical approaches to 
more effectively manage their IT and improve IT cost oversight. 
The result is over $2.5 billion of identified cost savings and $1.9 
billion of realized savings through the PortfolioStat process. 

During this Administration, we flatlined Federal IT spending, 
driving efficiencies and fueling innovation across the Federal tech- 
nology portfolio through initiatives like data center consolidation. 


^The prepared statement of Mr. VanRoekel appears in the Appendix on page 53. 



7 


cloud computing, and the Administration’s Digital Government 
strategy, all the while working to keep Federal data safe and se- 
cure. 

One of the pillars of the President’s Management Agenda is a 
focus on increased effectiveness, finding ways to deliver world class 
customer services to citizens and businesses. Our efforts underway 
on Smarter IT delivery are a key part of this work. To deliver citi- 
zens the services they expect from their government, we must shift 
the focus of Federal Government IT projects from compliance and 
process to meeting user needs. We must be intensely user-centered 
and agile, involve top talent from the private sector in government 
IT projects, and ensure agency leadership is actively engaged and 
accountable to the public for the success of the digital services of 
their agency. 

To support this effort, the Administration’s Smarter IT Delivery 
Agenda focuses on ensuring the Federal Government has, one, the 
best talent working inside government; two, the best companies 
working with the government; and, three, the best processes in 
place to make sure everyone involved can do their best work and 
be held accountable for delivering excellent results for the Amer- 
ican people. This agenda aims to increase customer satisfaction 
with top government digital services, decrease the percentage of 
Federal Government IT projects that are delayed or over-budget, 
and increase the speed by which we hire and deploy qualified tal- 
ent and vendors to work with government on these IT projects. 

As in any organization, public or private, IT excellence starts 
with having the best people executing the IT. While there are 
many talented IT professionals across our government, it is clear 
we need to broaden and deepen this talent pool to meet present 
and future needs. 

To this end, we are building a new capability called the Digital 
Service. The Digital Service will be made up of a modest team of 
some of our country’s best digital experts. This team will be housed 
in my office at 0MB and it will be charged with proactively estab- 
lishing standards to bring the government’s digital services in line 
with the best private sector experiences, define common platforms 
for re-use that will provide a consistent user experience, collaborate 
with agencies to identify gaps in their delivery capacity, and pro- 
vide oversight and accountability to ensure we see results. 

The Digital Service is a close partnership with the 18F delivery 
team at GSA and will work side-by-side with agencies to ensure 
they have the resources and talent that they need to deliver great 
services on time, on spec, on budget, with optimal user 
functionality. 

In conclusion, it is apparent that in today’s world, we can no 
longer separate the outcomes of our Federal programs from the 
smart use of technology. By increasing an emphasis on customer 
need and making it faster and easier for individuals and businesses 
to complete transactions with the government, online or offline, we 
can deliver the world class services that citizens expect. 

Mr. Chairman, Dr. Coburn, thank you for holding this hearing 
and inviting me to speak today, and I appreciate the Committee’s 
interest and ongoing support. I am excited to continue our dialogue 
in questions today. Thanks. 



8 


Chairman Carper. All right. Thank you, Steve. 

David, please proceed. 

TESTIMONY OF DAVID A. POWNER,i DIRECTOR OF INFORMA- 
TION TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERN- 
MENT ACCOUNTABILITY OFFICE 

Mr. PowNER. Chairman Carper, Dr. Coburn, we appreciate the 
opportunity to testify on how the Federal Government can better 
manage its annual $80 billion investment in information tech- 
nology. 

Of this $80 billion, about three-quarters is spent on operational 
or legacy systems and the remaining goes toward new develop- 
ment. Therefore, it is vitally important that new systems acquisi- 
tions are managed effectively and that the government finds more 
efficient ways to deliver existing services. 

Over the past 5 years, 0MB has initiated excellent efforts to do 
just that. This morning, I would like to highlight four significant 
initiatives: Data center consolidation, PortfolioStat, the IT Dash- 
board, and TechStat sessions. For each of these, I will highlight ac- 
complishments to date, but also what needs to be done to get even 
more out of these initiatives. I will also discuss the report we are 
releasing at your request, Mr. Chairman, on incremental develop- 
ment. 

Starting with data center consolidation, 0MB started a data cen- 
ter consolidation effort in 2010 to address the government’s low 
server utilization rates, estimated, on average, at 10 to 15 percent, 
far from the industry standard of 60 percent. This effort was also 
to result in $3 billion in savings across all departments. Our ongo- 
ing work shows that the number of centers is now more than 
10,000. About 750 have been closed or consolidated to date. Over 
$1.3 billion in savings has resulted, and agencies estimate another 
$3 billion in savings in fiscal years 2014 and 2015. Therefore, ex- 
pected savings through 2015 should be around $4.5 billion. 

Chairman Carper. Is that cumulative? 

Mr. PowNER. Yes, that is cumulative. Now, if you go beyond 
2015, Mr. Chairman, you are in that $10 billion price range that 
you mentioned. Dr. Coburn. 

Better transparency on the savings is needed, in our opinion, and 
the legislation this Committee has introduced would do just that. 

0MB recently expanded the data center consolidation effort into 
a larger initiative called PortfolioStat to eliminate additional dupli- 
cative spending in administrative and business systems. 0MB re- 
ports that agencies have achieved about $2 billion in savings on 
this initiative through 2013. The target, based on our work going 
out to each agency, is actually $5.5 billion, and there are over 200 
PortfolioStat initiatives that agencies are currently working on to 
eliminate duplicative spending. It is critical that these 200 initia- 
tives are driven to closure so that the $5 billion in savings can be 
achieved. 

Now, turning to initiatives that help better manage large IT ac- 
quisitions. The IT Dashboard was put in place to highlight the sta- 
tus and CIO assessments of approximately 750 major IT invest- 


^The prepared statement of Mr. Powner appears in the Appendix on page 59. 



9 


ments across 27 departments. The accuracy of the department has 
improved over time, with certain agencies reporting more accu- 
rately than others. Here is what the l5ashboard tells us. Of the 750 
major investments, about 560 are in green status, 160 are in yel- 
low, and 40 are in red, so there are about 200 projects where the 
government will spend about $12 billion that are at risk and need 
attention. Only eight agencies report red, or high risk, projects. 
Nineteen agencies do not have high-risk investments. 

Mr. Chairman, there are three things that need to happen to 
make the IT Dashboard a better accountability mechanism. First 
of all, all major investments need to be listed on the Dashboard. 
Our work has shown that several investments, like the Department 
of Energy (DOE) supercomputers, are not listed on the Dashboard. 
Ratings need to be even more accurately reported. There are clear- 
ly more than 200 projects that are medium-or high-risk. 

And, 0MB and agencies need to aggressively govern the at-risk 
investments using TechStat sessions. 0MB held about 80 TechStat 
sessions and had great results that included scaling back and even 
terminating failing projects. 0MB subsequently empowered CIOs 
to hold TechStat sessions with their respective agencies, a move we 
agree with, but we also strongly think that 0MB should hold 
TechStat sessions on a selected basis for either troubled projects or 
projects that are top national priorities. 0MB recently told us that 
they only held two TechStat sessions in 2013. This is clearly not 
enough. Agencies also need to better use IT acquisition best prac- 
tices that include executive involvement in getting your require- 
ments right early. 

Finally, a major aspect of the IT reform plan of 2010 called for 
agencies to deliver in smaller increments to be successful. Our 2011 
report on successful acquisitions proved this as all seven examples 
were increments of larger projects. The report we are releasing 
today shows that three-quarters of the IT acquisitions are not plan- 
ning to deliver within 6 months, and less than half plan to deliver 
within the year. Therefore, we still have too many “big bang” 
projects that do not deliver anything for years and, therefore, run 
a high risk of failure. 

Chairman Carper, Dr. Coburn, thank you for your continued 
oversight of these issues. We look forward to working further with 
you. 

Chairman Carper. Thanks so much. 

Would you go back to the beginning of your statement. There 
was a sentence near the beginning where the letters “0MB” ap- 
peared and the word “excellent” appeared. Would you go back and 
read that sentence again. 

Mr. PowNER. Yes. 0MB has initiated excellent efforts to do just 
that, and they are. These are all great initiatives. All four of them 
are tremendous initiatives. The key is to drive them to closure so 
that we get the savings that are currently on the table. Data center 
consolidation: the goal was $3 billion through 2015. Agencies are 
telling us they can save $4.5 billion through 2015, and if you go 
out to about 2018, it is about $10.5 billion on the table. 

Chairman Carper. And you have already said this before, but in 
terms of what needs to be done to make sure we reach that goal — 
just run through, if you will, some of your recommendations. It is 



10 


one thing to launch excellent initiatives. It is another thing to actu- 
ally realize them. But, just highlight for us again some of the steps 
that need to be taken to make sure that we realize the promise. 

Mr. POWNER. Well, what is very good on data center consolida- 
tion, it is publicly available that you could look at the closures to 
date 

Chairman Carper. Yes. 

Mr. PoWNER [continuing]. And there are great success stories. I 
can tell you about some of the closures that 

Chairman Carper. Good. Some of the other initiatives beyond 
the consolidation of the data centers, please. 

Mr. PowNER. Oh, beyond the data centers? 

Chairman Carper. Yes. 

Mr. PowNER. Well, if you look at the TechStat sessions, the IT 
Dashboard, a number of things with the IT Dashboard. You have 
to get all investments on the IT Dashboard. There are some invest- 
ments that are listed as non-major that are huge dollars that are 
not listed. DOE’s supercomputers are not listed on the Dashboard. 
There are satellite programs that should be listed on the Dash- 
board. 

So, first of all, we have to get everything on the Dashboard. A 
good example is DOD, for a long period of time they only listed 93 
major investments on the Dashboard. The Senate Armed Services 
Committee (SASC) held a hearing a couple months ago. It was 
highlighted that a number of investments were not on the Dash- 
board. They report 118 today. Ninety-three to 118, great progress. 
So, we have to get them all on there. 

We have to get accurate assessments on the Dashboard, and then 
we need to use TechStat sessions to fix failing projects or projects 
that are in trouble. The 80 TechStat sessions that 0MB initiated 
in the 2010 and 2011 timeframe, it was excellent. There were some 
projects that were descoped, turned around. A few were termi- 
nated. It was very successful in terms of focusing on large-scale IT 
acquisitions and fixing it. We need to go back to doing more of that. 

Chairman Carper. All right. 

Steven, are you going to sit there and take this? [Laughter.] 

Would you like to say anything? You can accept the praise, or 
just address some of the — I think you would be smart to accept the 
praise, but then say, well, David has some points here and here is 
what we are doing about it. Go ahead. 

Mr. VanRoekel. Yes. He had me at excellent, sir. [Laughter.] 

I think that if you look at the work being done and think about 
how to get the activity we want to see in Federal IT, I am a huge 
fan and have done a lot of work to think about what kind of trans- 
parency mechanisms we are doing. Are we enhancing the IT Dash- 
board? What are we doing there to hold people accountable? 

I think, much like I saw throughout my career in the private sec- 
tor, transparency is one part of it. You also have to set up the right 
incentives to make sure that it yields the behavior you want to see. 
Just simply going out and telling agencies, close X-amount of data 
centers, is an ends, not a means, without telling them, here is how 
to get there. You have to set up the structure, and I will give you 
an example. 



11 


If an agency has two data centers that are right next door to 
each other, share a common wall, say, and I say, close 50 percent 
of your data centers, they will take down the wall in between and 
two suddenly goes to one and they have reduced their total inven- 
tory by 50 percent. 

Instead, what we have been doing is thinking about what are the 
core elements that make closing down a data center so essential. 
It is, how much power are you using? How much square footage is 
this data center? What is your utilization of the data center, and 
all of those things. Because data centers are essential to govern- 
ment, and making sure that we create centers of gravity and ones 
that use low power, that have the lowest costs, that are running 
modern technology is the motivation. 

Just this week, we launched PortfolioStat 2014, so, the new 
PortfolioStat guidance actually went out to agencies yesterday. And 
in that guidance, we actually contain within a whole set of incen- 
tives and key performance indicators (KPI) that basically tell agen- 
cies, one, identify these centers of gravity. Identify a highly opti- 
mized data center. For everything else in your inventory, I either 
want you to shift that to the cloud or I want you to close it down. 
And, the mechanisms and the incentives we have set up are doing 
this. 

I talk to large private sector CIOs — General Electric, Wal-Mart, 
some of those companies. When they talk about consolidating their 
data centers, they will literally say some of their divisions will 
bring forklifts in and pick up their data centers and move them to 
a bigger room, and suddenly, five became one, which does nothing 
to drive down costs or drive efficiency or a different outcome. 

And so what we have done is not only thought about the trans- 
parency — and, by the way, the number of data centers in the inven- 
tory have grown because I expanded the definition to get more — 
I wanted to uncover everything out there to make sure we are not 
growing 

Chairman Carper. Something like that happened with respect to 
improper payments 

Mr. VanRoekel. Exactly. 

Chairman Carper [continuing]. The first improper payments, the 
amount of improper payments grew, it was because agencies were 
finally reporting it and identifying it. 

Mr. VanRoekel. That is right. We are closing, not growing. The 
inventory is growing because the diligence is going up and the 
quality of the inventory is going up. So, I wanted to get everything 
on the table and then make sure that we are bringing all that in 
and the right incentive structures. 

Chairman Carper. Let me just ask you, anything that David 
mentioned in terms of additional steps that need to be taken to en- 
sure that the full potential of these initiatives is realized, is there 
anything that he said that you disagree with? Is there anything 
that he has mentioned here — and this would be for any of you — 
that Dr. Coburn and I, our Committee, the Senate, the House, 
could be helpful in better ensuring that we realize the potential in 
these initiatives? Our response. This is a team sport. We are part 
of the team. 



12 


Mr. VanRoekel. Yes. And, I agree with his point on the power 
and the results that we saw through the TechStat process. What 
we did is, we have a very finite resource in our staff at 0MB. It 
is small, a double-digit number of people on the team, and we have 
a lot of statutory responsibility and a lot of other responsibilities 
we do to formulate the budget and work on lots of other things in 
the interest of Congress. 

What we did to scale that effort was actually go out and train 
employees and agency technical officials on how to run TechStat. 
We have trained over a thousand people in running TechStat and 
it is starting to become a cultural element inside turning around 
projects. 

I think the issue with TechStat is that it is, by its nature, a reac- 
tive motion. It is when something is going wrong, we step in and 
look at things, versus getting in on the front end. Yesterday, I had 
a Senate Appropriations hearing and I talked about supporting our 
fiscal year (FY) 2015 request, which really aims to build capacity 
on my team to get out in front of some of these things and do what 
we have done in a reactive way more proactively with agencies. 

Chairman Carper. OK. The second half of my question, and I am 
over time, but I want to just maybe do it quickly. Our responsibil- 
ities — what can we do? Dr. Coburn and I, our staffs, our colleagues 
here, try to do oversight, and we are told — whenever I ask — a lot 
of times, I ask, well, what can we do to better ensure that we are 
doing the right thing there across the board in all kinds of initia- 
tives that are oftentimes identified by GAO, on their High-Risk 
List, and what we hear again and again is, oversight, oversight, 
oversight. It actually does help. 

But, in terms of what we can do to supplement and increase the 
likelihood that we will be fully successful in these initiatives. We 
will start with you, David. What further should this Committee be 
doing under our leadership? 

Mr. POWNER. Well, first of all, I think your oversight and the 
hearings you hold on troubled projects — it is OK to be red and yel- 
low, but are we doing something about it? And I agree with Steve 
that we need to be proactive, but the reality is, good IT governance, 
you have a lot of programs that get started, then risks come up, 
and there are a lot of risks and you need to deal with them. So, 
that is where the TechStat and strong governance is important and 
your oversight is very important there. 

I do think, because there is so much money on the table with 
data center consolidation, that your legislation is essential. I am 
not certain we are going to get to the $10.5 billion without legisla- 
tion and strong Congressional oversight, where those reports go to 
you on an annual basis and we keep the foot on the gas pedal. 

Chairman Carper. Anything else you want to add to that before 
Dr. Coburn takes over? 

Mr. Tangherlini. I would simply add that there is actually an 
awful lot of good that is happening within Federal IT, and as we 
focus on issues of oversight and as we do reviews, as we even do 
the stats, we should be thinking about the places where we are ac- 
tually succeeding and making progress so that we can more widely 
disseminate and share that experience with agencies so that they 
can model the best behavior, not just have evidence of the worst. 



13 


Chairman Carper. Good. Well, I think this glass is definitely 
half-full, maybe more, and we want to fill it up even more. Dr. 
Coburn. 

Senator Coburn. This is the first hearing I have been to in a 
long time that, really, there are a whole lot more positives than 
there are negatives, and I congratulate you all on it. 

David, there is a discrepancy in terms of what 0MB has labeled 
as high-risk IT projects. I think they have labeled self-reporting 
from a one to a five. They have, like, 40, and I think in your testi- 
mony, it was 200. What is the difference there between you and 
Steve? Why do you see 200 and they see 40, and is it a matter of 
downgrading the risk so that you look better, or is there just a dif- 
ference in the assessment, because that is a 500 percent difference. 

Mr. PowNER. Yes, Dr. Coburn. So, there are about 40 red invest- 
ments on the Dashboard and about 160 yellow, so that is how we 
get to the 200 we deem at-risk investments. There are a lot more 
than 200. That includes DOD reporting zero reds 

Senator Coburn. Yes, which is 

Mr. PoWNER [continuing]. And really not that 

Senator Coburn. Which is ridiculous. 

Mr. PoWNER. Not that many yellow. I will say, though, on the 
importance of Congressional oversight, that I was recently at a 
hearing in front of the SASC. DOD is now committed. Their report 
went from 93 to 118 investments. They have committed now to up- 
date the Dashboard every 6 months, they say, but their process — 
monthly is unrealistic. That is progress. 

They also said — I thought this was very good, DOD — with their 
Enterprise Resource Planning (ERP) history and failure, especially 
with Expeditionary Combat Support System (ECSS), they said, if 
we have an ERP system, we are going to immediately put it as red 
on the Dashboard and manage it appropriately. I think that is ac- 
tually progress, given their history and the failures they have had. 

So, that is where the Dashboard — the 200 is well understated in 
terms of projects that are at risk. There are many more. But, 
again, we do see some agencies moving in the right direction with 
more accurate reporting and doing something about it. 

Senator Coburn. Steve, were you gamed a little bit by some of 
the agencies in terms of downgrading their risk? You allowed them 
to grade it, right? You all did not grade it. 

Mr. VanRoekel. This is self-reported, yes. 

Senator Coburn. Yes. So, have you done anything from a man- 
agement standpoint of saying, hey, guys, here are the real guide- 
lines? 

Mr. VanRoekel. Well, I think the first order of business, much 
like the mentality I would use in the private sector, is that self- 
reporting is not the best mechanism 

Senator Coburn. Right. 

Mr. VanRoekel [continuing]. To track this stuff, and so we put 
into place other mechanisms to do that. The first one is actually 
in the IT Dashboard. It is a feature I added where I can tell if an 
agency is rebaselining, they are moving the goal line on their cost 
or their schedule or things like that. I get, now, an indication if 
that is happening and so we can see. A lot of times in the past, 
we would see someone bright green, but they were moving the goal 



14 


line a lot and then you knew that something was wrong in that 
sense. 

The second thing is the PortfolioStat process actually establishes 
a whole host of key performance indicators that we hold agencies 
accountable to, and most of that, leading up to where we had 
today, because we had to get our arms around the growth of IT 
spend, was really focused on efficiency. It is literally, like, how 
many e-mail systems are you running, because it is unthinkable to 
run more than one. How many mobile contracts do you have? How 
many of this? Kind of rooting out duplication inside the agency. 

In 2014, the guidance that came out this week, we inflect and 
build upon that by adding effectiveness KPI. So, we ask agencies 
to identify, what are your key mission critical investments, like, 
give us the top two or three that we want to make sure that we 
are applying a new playbook to to make sure that you are taking 
21st Century principles and holding them accountable to these key 
performance indicators. So, like I said, it is about those metrics, 
about those indicators, but it has been the incentive structure we 
put behind it to get the behavior we want. 

Senator Coburn. So, having said that, you would expect the 
Dashboard to reflect more and more the numbers that GAO is actu- 
ally reporting on rather than what the self-reporting is? 

Mr. VanRoekel. I anticipate that we will see changes in the IT 
Dashboard over time that pick some of this capability up for sure, 
yes. 

Senator Coburn. All right. In terms of the TechStat, in terms of 
agencies reporting this each month, there is a real lack of perform- 
ance on agencies in terms of meeting that milestone each month, 
just in terms of reporting that. Where are we on that, and what 
have you seen, David — you mentioned it in your testimony — in 
terms of compliance with that? Because as I read the briefing for 
this and read your testimony, it seems that that is one area where 
we are not having much compliance with the agencies. What do 
you see? 

Mr. POWNER. Well, I think it varies across the board. Dr. Coburn, 
and I think some agencies have very strong IT governance proc- 
esses and they hold TechStat-like meetings and always have, even 
prior to TechStat existing. IRS 

Senator Coburn. Do you correlate that at all with a strong CIO 
position? 

Mr. PowNER. Absolutely. DHS, I think the governance processes 
they are trying to roll out, and have been for a few years now, the 
processes are very good. We have written reports, the processes are 
good. Now, we need to implement it on more and more of these 
projects. The Internal Revenue Service (IRS) is another example. It 
is an organization that came off our High-Risk List because they 
have pretty strong leadership. They have strong governance proc- 
esses. 

We see pockets of success, so it can be done, but then we see 
other agencies that we do not get the amount of governance that 
you would expect. That is why we are strong proponents of, and I 
understand Steve is challenged to do a lot of things with his re- 
sponsibilities, but when he kind of hovers in and does a couple 



15 


TechStat, it gets attention and it gets movement in the right direc- 
tion. 

Mr. VanRoekel. One of the goals, one of my agendas related to 
PortfolioStat was not only setting up a data-driven mechanism to 
start going in and understanding Federal IT. When I came to the 
joh in 2011, I could not really tell you what an e-mail hox should 
cost in government. I could not sit down and have a face-to-face 
with an agency and say, boy, you are spending too much, you are 
not on par, things like that. I now have that and I now know that 
because we were able to gather broad sets of data across govern- 
ment and process that in a way. 

Not the secret agenda, but the goal of PortfolioStat, in addition 
to just gathering that data, was I hold a face-to-face meeting with 
the Deputy Secretary and all the C-level executives of the agency 
and we sit down every summer and go through a very long set of 
metrics, KPIs, and talk about the state of affairs within their agen- 
cy. The goal of those sessions is actually to teach an agency, who 
are typically not optimized around management, more optimized 
maybe around the policy agenda they are running — is to teach 
them how to run a private sector Investment Review Board. 

Senator Coburn. Yes. 

Mr. VanRoekel. If you were in a company, you would put all 
your C-level executives. You would have your mission goals up on 
the screen. And then you would dovetail that into, what are our re- 
sources to go execute that mission and what are the tough deci- 
sions we need to make to get there? 

The Government Performance and Results Modernization Act 
(GPRA) coupled with these sessions and some principles that we 
bring in through our policy work, I think, are the combination we 
need to go drive this stuff forward, to teach them how to run this. 
I end up bolstering the authority of not only the CIO in those meet- 
ings, but the acquisition officer, the human capital officer, and it 
really takes the combination of all those people working in — the 
lawyer on the team — working in concert to meet that shared mis- 
sion. 

Senator Coburn. Yes. What is your answer to David’s worry that 
there are not enough TechStat meetings and that the benefits from 
those — I guess what you are saying is, there is a diminishing re- 
turn. When you started this, there was a lot of return for these 
TechStat meetings, and having two in 2013 — David is worried that 
we are not getting as much bang because we are not having as 
many of those and he feels those really drive change within the 
agencies. You have had to put a budget out every year, and the 
year that you spent all this time on this, you were still putting a 
budget out, so I am not inclined to buy the time limitation as much 
as saying you have done it before, why can we not do it now? 

Mr. VanRoekel. With the limited resources on the team, I put 
prioritization behind getting the foundation in place 

Senator Coburn. Which is what you did. 

Mr. VanRoekel [continuing]. Is what I am doing around 
PortfolioStat and other things to make sure that we were not caus- 
ing more TechStats to be had in the future. We had to get the foun- 
dation set up in a way that we could deliver mission solutions. We 
were not in a place when all these TechStats were happening be- 



16 


fore, and what would happen is we just spent all of our time doing 
TechStats. 

Senator Coburn. Yes. 

Mr. VanRoekel. I truly feel, if you have spending under control, 
you consolidate all your commodity computing, you get things 
streamlined in an agency in order to deliver the mission outcomes 
you want to do, you teach them how to run an Investment Review 
Board, you create this sort of virtuous cycle and cultural shift, you 
can then go in and deliver mission solutions in more 21st Century 
ways, and that is what we are 

Senator Coburn. But, does GSA have the capability to help you 
in that area? I would ask you, and then I would ask Dan. I mean, 
do they have the expertise where you can say, hey, guys, come over 
here and help us on this TechStat. 

Mr. VanRoekel. Absolutely. 

Senator Coburn. And you spread your resources by utilizing 
some of them. 

Mr. VanRoekel. Well, where we have utilized our partnership 
mostly with GSA, which I think is core to both of our missions, has 
been looking for those opportunities where, coming out of 
PortfolioStat sessions, coming out of these things, what are the core 
capabilities we should be delivering governmentwide, that we 
should not do it, every agency doing their own thing. 

Senator Coburn. Yes. 

Mr. VanRoekel. We should just do it once. And then, to that 
end, we have done many things, like the Federal Risk and Author- 
ization Management Program (FedRAMP) cloud security program 
has come out and now is run by GSA. The mobile device program, 
we now have a family plan for government, so you can share min- 
utes now across agencies and drive efficiencies that way. And so we 
are doing a lot to partner on that front. 

And then now, I believe, this 18F capability that Dan talked 
about in his testimony is also essential — and we are so friendly, I 
call him Dan — Administrator Tangherlini 

Mr. Tangherlini. Yes. 

Mr. VanRoekel [continuing]. That this capability is essential, 
too, now that we are inflecting and building upon the efficiency 
work to get into effectiveness. 

Senator Coburn. OK. 

Mr. Tangherlini. I would just echo Steve’s comments and say 
that GSA and 0MB actually do have a very collaborative relation- 
ship. Though, we have recognized that there is white space there 
that we can grow into. So, we created the 18F activity to help us 
begin to get the ability to be a better consumer of IT resources by 
having a better understanding of how IT technology is actually de- 
veloped. Having coders and developers on staff is going to make it 
possible for us to help agencies better define their scopes of work 
so that they can be a better consumer of those resources. 

Working very closely with the Office of Federal Procurement Pol- 
icy Office (OFPP), on things like what Steve mentioned, strategic 
sourcing, but also building stronger capabilities, such as our OASIS 
contract, our services contract, that allows agencies to buy things 
once and well, and rather than putting an awful lot of effort into 
the actual acquisition activity, they can focus more of their effort 



17 


on defining scope and understanding how to better manage that 
contract. 

So, I think that those are some of the ways we are working to- 
gether, but we do believe that there are many opportunities for us 
to partner more closely. 

Senator Coburn. But, 18F is really small scale projects. 

Mr. Tangherlini. Eighteen-F is really small scale projects be- 
cause it is really small scale. 

Senator Coburn. Yes. 

Mr. Tangherlini. But, it helps agencies begin to think about 
better ways to approach much larger projects and 

Senator Coburn. But, a case can be made, for the hard, big dol- 
lar projects, a TechStat intervention, I would call it, can be very 
beneficial, and I think that was Dave’s point. I mean, how many 
TechStat meetings have happened at DOD in the last year? 

Mr. VanRoekel. That is a better question for DOD on specifics, 
because we train people to run 

Senator Coburn. I know, but the point is, half of our spending 
on IT really goes through DOD. 

Mr. VanRoekel. Yes. 

Senator Coburn. And, more than half of our waste goes through 
DOD. 

Mr. VanRoekel. I think the key — if I might 

Senator Coburn. Sure. 

Mr. VanRoekel. I think the key is the big projects. Part of the 
cultural transformation we are in, if you were to go to a leading 
private sector company and talk to them about how are they deliv- 
ering solutions, they would never say to you, we are doing big 
projects. Nobody does the big monolithic, I am going to take 3 years 
to ship something, approach. Every time you go to Facebook or 
Amazon.com, you are probably getting a new version of it and not 
even realizing that you are getting a new version. It is just updates 
happen 

Senator Coburn. They are doing continuous process improve- 
ment within their IT. 

Mr. VanRoekel. Something we call agile development versus 
monolithic. The history of government IT has really been defined 
by a waterfall, monolithic approach, and part of the goal here on 
18F, on the work we have been doing and the policy framework, 
the guidelines we are doing, the playbook as part of our smarter 
IT, is all about how do we get out of this compliance waterfall cul- 
ture and do more of an agile culture. 

Senator Coburn. Yes, I agree. 

Mr. VanRoekel. I want to know what agencies can ship in 60 
days, not what they can ship in 3 years. 

Senator Coburn. Yes. I am way over time and I 

Mr. VanRoekel. Sorry. 

Senator Coburn. I guess I take it from you that you are pretty 
tight on — you are going to do the TechStats that you think you 
need to do, and numbers do not matter, outcomes matter. 

Mr. VanRoekel. I think proactivity matters a lot. 

Senator Coburn. OK. 

Mr. VanRoekel. And, I think getting in front of a lot of this stuff 
versus reacting to it is essential. 



18 


[Pause.] 

Senator Coburn. Tom and I just discussed — I have a lot of other 
questions. I am going to put them into written form and then get 
you to answer them back, OK. 

[Pause.] 

Chairman Carper. I am going to ask our staff to put up a couple 
of posters, please. 

The focus of this hearing is to examine the best practices and the 
critical factors that lead to successful acquisition of information 
technology investments. Both GAO and the organizations that Mr. 
Chenok represent — I think he is going to be on our next panel, but 
I think he represents the Industry Advisory Council — have done 
some work on that question. 

I had asked that a couple of posterboards be printed up that list 
the critical success factors that GAO found and the 7-S for Success 
Framework! that Mr. Chenok will testify about in a few minutes. 
But, I would want to ask this panel to comment on these exhibits, 
whether they agree with these findings and any other thoughts 
that you all might have as we try to determine what it takes to 
successfully implement IT projects in the Federal Government. 

The first one that I am looking at here is Common IT Investment 
Acquisition Critical Success Factors.^ It is not a top 10, but it is 
a top 9. I would like for you all just to look down that list, and 
then, if you will, the 7-S for Success Framework that has been pro- 
vided for us and white paper by Mr. Chenok. They are going to be 
releasing it in conjunction, I think, with this hearing. 

But, Ilavid, if you want to lead off and just comment on these 
success factors, if you would, please. 

Mr. POWNER. Yes. I think there is a lot of commonality between 
the two lists, and what this is really about is governance. It starts 
with governance, getting the senior executives engaged on these 
projects. A lot of failures, we do not have executive sponsorship. 
There is a lot up here about having the right staff, having the right 
stakeholders, and that includes the business partners on these IT 
acquisitions, getting your requirements right up front, and then 
there are some things on testing. 

But, I would like to highlight one key point here, Mr. Chairman, 
and it is on No. 6, software development is agile, and piggyback off 
of what Steve said. These common success factors, the nine, they 
were based off of seven projects that were all increments of larger 
projects. So, going small matters. We do not go small enough in the 
Federal Government. 

The IT Reform Plan of 2010 had a requirement that we deliver 
within 12 months. Steve upped the ante at 0MB and said, we are 
going to now require 6 months. So, we did a review — we are releas- 
ing the report today of 90 major IT acquisitions. About a quarter 
of them are planning to deliver within 6 months. Less than half are 
planning to deliver in a year. So, many of these projects go years 
without delivering. 

Steve is absolutely right. We need to go small. That is the big 
difference between government and the private sector. They go 


^The chart referenced by Senator Carper appears in the Appendix on page 107. 
2 The chart referenced by Senator Carper appears in the Appendix on page 108 



19 


smaller much better, OK. When I was in the private sector 10 
years ago, we were doing 90-day deliverables all the time. 

So, what do we do to fix it? In that report, we have a rec- 
ommendation that in their Exhibit 300 process, that agencies — 
there are about 275 of the 760 investments, about 275 are in devel- 
opment, OK, the rest are more in legacy. Two-hundred-and-sev- 
enty-five — it is not that many governmentwide. They should clearly 
identify whether they are delivering in 6 or 12 months, whatever 
we want to pick. I do not care. You can choose either one. And if 
they are not delivering at least within a year, we ought to think 
real hard about whether those projects ought to be funded. That is 
how you would fix it. That would be the solution. 

Chairman Carper. Good. Thanks. 

Same question. I want to ask you to compare these two lists for 
success. As David says, there is a lot of common ground here. 

Mr. VanRoekel. Yes. I think they are very common, and actu- 
ally, we used both of these lists, the 7-S in draft form and the GAO 
recommendations, to inform a lot of the playbook that we estab- 
lished for this new Digital Service effort that we have that is basi- 
cally saying, what are the key performance indicators we want to 
hold agencies to on the mission side. 

I think the thing that takes me, the perspective I have across 
here, is if you read through both of these, you could not just apply 
the title of CIO to this list. I see acquisition elements on here. I 
see people elements on here. I see probably some things that need 
legal interpretation inside agencies on this list. 

One of the challenges we have — but, I think, opportunities we 
have — is really around how do we get this more coordinated effort 
across the C-level executives inside our agencies so they are work- 
ing in concert to the mission outcomes we want to see. Oftentimes, 
I will hear from CIOs that say they walk down the hall and talk 
to their acquisition official and they have some innovative way they 
have thought about delivering some solution that is completely 
within the law in their interpretation, and maybe even another 
agency has done it, but their acquisition person will say no. Or, you 
have some other aspect where you cannot think in this module a 
way to get funding and break a contract down or get your funding 
from your Chief Financial Officer (CFO) established in that way. 
And so there are things I think we need to do in more common 
ways. 

One of the things we are doing this year is we are sort of lovingly 
calling it the TechFAR, which is we are taking case law examples 
of great, successful, kind of 21st Century approaches to acquisition 
and we are compiling them and sharing those with the agencies. 
So, saying, if you want to take this agile approach, here is another 
agency that has done it. Here is the section of the Federal Acquisi- 
tion Requirements they used. Here is how they approached it, and 
maybe even sample contract language they used to do that. 

We also launched, and had an open dialogue with the public the 
last 2 weeks that just closed on Monday, asking innovative small 
companies, what are barriers you are facing when wanting to come 
and do work for the government? Is it reporting requirements? Is 
it barriers to entry to get into the procurement lifecycle and cycle? 
Is it things like that? I did a trip to the West Coast. We had other 



20 


people doing a lot of outreach to get lots of interest in people who 
are not traditionally working with government to research what it 
would take and then give us their perspective on it. We anticipate 
out of that work we are going to have administrative, legislative, 
and possibly some regulatory suggestions on changes we could do 
to drive and lower some of those barriers for those small, innova- 
tive companies to work with government. 

Chairman Carper. All right. Dan, just anything brief in terms 
of lists for success, so what finds favor and maybe what does not? 

Mr. Tangherlini. No, I would like to build on what Steve said, 
if you look at this list and say, this cannot just be a list of “to do’s” 
for a CIO. We have a consolidated, empowered, talented, and fo- 
cused CIO at GSA, but he, too, and his team would fail in deliv- 
ering high-quality IT solutions if he did not have the support of, 
say, from the GAO list No. 3, senior department and agency execu- 
tives supporting the program. He would fail if he did not have No. 

4 and No. 5 from the GAO list, and No. 5 and No. 6 from the 7- 

5 for Success list, which is to constantly work with your end users 
and the people who are actually going to touch the system to know 
whether the system is going to work and meet their needs. 

I also think that No. 4 from the 7-S list is one that does not get 
enough attention, as well, shared technology and business architec- 
ture. There is no reason to continually reinvent the wheel. There 
is no reason why we cannot take the benefits of the billions of dol- 
lars that the taxpayers have already spent on building systems and 
we cannot make them extensible and use them more widely. 

Chairman Carper. I have one more question, but. Dr. Coburn, 
let me just say, I know you said you would submit some questions 
for the record 

Senator Coburn. Yes, I will ask a few more. 

Chairman Carper. Please, go ahead. 

Senator Coburn. David, I want to talk about incremental devel- 
opment, because one of the holes I see is a lack of compliance on 
incremental development. Steven said that is important, except we 
do not see that coming from the agencies. As a matter of fact, 6 
months, hardly any of them are meeting it at all, and then we are 
at a year. So, talk about where you see the hole in terms of com- 
plying with this incremental development idea and what we do 
about it. 

Mr. POWNER. Well, I think we have, and I think Steve put it very 
well, there is a history in the Federal Government to go with the 
waterfall approach. So, this is something new. Change is slow. But, 
if you want to get serious, and I think you stepped out for a second, 
but I will repeat what I said earlier. If you want to really fix the 
incremental — the IT Reform Plan of 2010 said, we are going to do 
everything in 12 months. So, let us get serious about that. 

In the Exhibit 300’s, there are only about 275 major IT acquisi- 
tions when you look at the 760 investments, because a lot of it is 
legacy spend. Take those 275 investments, identify in their Exhibit 
300 on an annual basis what they are delivering within the year. 
If they are not delivering anything, do not fund it. Do not fund it. 

Senator Coburn. So 

Mr. PowNER. That is one way to get serious about it. Now, grant- 
ed, there will be exceptions and waivers. But, if you want to get 



21 


serious about incremental development, you could tackle those 275 
investments. 

Senator Coburn. So, Steve, what is your response to that? 

Mr. VanRoekel. I think 

Senator Coburn. If an agency is not going to be complying in in- 
cremental development, why would you fund them? 

Mr. VanRoekel. I think the key here is to look at, like I have 
said, and I sound like a broken record, not only the, how are we 
tracking this, how are we funding it, but looking at what incentives 
are we putting in place and how are we kind of shaping the system 
of government, the systems behind the scenes, to get Qiis outcome 
that we want. 

We still have a long history of certifying IT professionals in the 
waterfall methodology. So, we are changing that. Our acquisition 
professionals who do acquisitions are kind of pre-programmed to do 
these big monolithic approaches, so we need to change that. That 
is this effort around the TechFAR that I mentioned, where we are 
taking all these examples and getting this community to happen. 
We need companies working with government that know how to do 
this well, because they are all pre-programmed to kind of do these 
big waterfall approaches. So, we are working not only with the in- 
cumbents and saying, what are the incentives we need to do to get 
you to turn these things in this way, but writing requirements in 
a way that foster this, as well as looking at how do we get new 
companies into government that are going to bring these ap- 
proaches. 

Senator Coburn. Given your history prior to government service 
and the fact that I have a son-in-law with a Master’s in computer 
engineering and electrical engineering and works for one of the big 
firms that does this, my observation is big business does not do this 
a whole lot better than government in terms of the stories and the 
tragedies and the failures that I see. 

And, so I want to go back to my point. If, in fact, we believe in- 
cremental management and incremental reporting is an important 
way for us to see milestone development, and also to exclude the 
catastrophes, why are we not putting more pressure on the agen- 
cies? I know you are building the infrastructure, and I get that. 
But at the same time, if we are not going to have some reporting 
6 months or a year of whether we are reaching these milestones, 
they are just not even coming back with the information, we are 
going to have another couple of disasters. 

Mr. VanRoekel. So 

Senator Coburn. It is going to happen. 

Mr. VanRoekel. Mm-hmm. 

Senator Coburn. And, so why would we not have as a policy, 
give us the incremental development? 

Mr. VanRoekel. So, I think the private sector is in an inflection 
where we are starting to see this take hold in even the larger cor- 
porations out there and definitely taking a lot of the best practices 
you saw on these two sheets up here. 

As far as accountability with agencies, PortfolioStat 2014, as I 
mentioned, makes this inflection into effectiveness. It basically says 
for agencies, identify your mission critical investments to us, and 
then we hold them accountable to a set of — ^basically, informed by 



22 


these two sheets — a set of KPIs, key performance indicators, that 
indicate agility, that indicate this modular approach 

Senator Coburn. But they are not reporting 

Mr. VanRoekel. They do — and part of PortfolioStat 2014 is 
quarterly reporting against those KPIs, and so we are holding peo- 
ple accountable with a yearly face-to-face meeting where we sit 
down, as I mentioned, with the C-level executives. So, there is a 
mechanism and process. 

Senator Coburn. So, you are saying you have it covered without 
them — ^you have it covered, even though when we see it from GAO, 
we see a hole in that. 

Mr. VanRoekel. PortfolioStat 2014 launched yesterday, so this 
is a 

Senator Coburn. Yes. So you 

Mr. VanRoekel [continuing]. This is a looking forward. 

Senator Coburn. So you say you are fixing that? 

Mr. VanRoekel. This is a looking forward motion. 

Senator Coburn. OK. All right. 

Mr. VanRoekel. Yes, sir. 

Senator Coburn. Good enough. Thank you. 

Chairman Carper. Thank you, Tom. 

When I look at these factors as laid out by GAO on these 
posterboards and on this coalition that Mr. Chenok represents, 
they appear to center on getting key stakeholders lined up and 
properly incentivized, getting the right people on a project, setting 
up a good review process, as well. 

Our House colleagues. Chairman Issa, Elijah Cummings, and 
Gerry Connolly, introduced an IT reform bill that has passed the 
House, I think by a pretty broad margin. And while we appreciate 
their hard work on the legislation and share many of their same 
goals — ^based on these charts, it is not clear how many of these crit- 
ical success factors can actually be encapsulated in legislation. 

I just want to ask if you have any additional thought. We talked 
about this a little bit earlier in terms of what we can do to be help- 
ful and constructive on the legislative side. Do you have any addi- 
tional thoughts on that and where legislation may be necessary to 
improve Federal agency ability to develop and manage IT systems? 
Steve. 

Mr. VanRoekel. So, I think the challenge, as I mentioned ear- 
lier, is part of this, and many of the best practices you see here are 
really about comprehensive management, and that is probably the 
hardest thing to legislate, is thinking about how do you bring man- 
agement principles to bear 

Chairman Carper. Like, how do you legislate common sense. 

Mr. VanRoekel. Well, I will not make comments. 

A starting point if you look at a bill, a proposed bill like FITARA, 
is that I think there is a disconnect between appropriators and au- 
thorizers. I think there is a money aspect here as much as there 
is an authorization aspect and thinking about that kind of duality 
in the work that is being done. 

I think that we have an opportunity with incentives and thinking 
about what outcomes we want to see. I also fear a lot of what we 
see in legislation that looks at technology is technology is moving 
so quickly. If we were sitting here 15 years ago, the notion of doing 



23 


these sort of agile approaches, or even Internet kind of approaches 
in government, were not as self-apparent as they are today. And, 
so, looking at how do we really think about what outcomes we are 
trying to drive versus what are the tactical ways we are going to 
get there is essential, because we are just moving so fast. We are 
moving fast enough that our procurement system or other things 
cannot keep up with it, and so we need to think about modern ap- 
proaches to get there. 

Chairman Carper. OK. Thanks. 

Same question, Mr. Powner, David, please. 

Mr. Powner. We have been pretty consistent saying that in 
terms of legislation, there are two things — that I think the two big- 
gest areas when you look at these initiatives, on the legacy side of 
the fence, it is data center consolidation, and we believe strongly 
that legislation that calls for annual reporting on what is being 
done will help hold everyone accountable. So, I think legislation is 
very important there. 

The other part of legislation that comes up frequently, too, is 
what do we do with the Dashboard? The Dashboard is very impor- 
tant from a transparency point of view and we do not want that 
to go away. The CIO ratings actually have helped with CIO ac- 
countability and authorities, and we hear a lot about, well, the cost 
and schedule data is not accurate. This is 

Chairman Carper. I am sorry, what is 

Mr. Powner. The cost and schedule data is inaccurate, what is 
behind the Dashboard, behind the ratings. Well, let’s get it accu- 
rate. Most of these agencies have about 40 to 50 major IT invest- 
ments and accurate reporting — 760 major investments is not that 
many when you look at 27 departments. So, we need to get the CIO 
ratings accurate and we need to get the costs and schedule fixed, 
and that transparency mechanism is vitally important for over- 
sight. 

And, so, I think the IT Dashboard, you need to be careful on 
what you report out of it, but I think having that mechanism in 
place going forward is very important. 

Chairman Carper. In terms of how the House-passed legislation 
addresses the points you have just raised, which one does it ad- 
dress and, maybe, which ones does it not? 

Mr. Powner. I think the House legislation addresses both data 
center consolidation and the Dashboard. I think both those items 
are in that legislation. 

Chairman Carper. OK. All right. Thanks. 

Dan, same question. 

Mr. Tangherlini. I would just echo what Steve said. I think it 
is very hard to create a legislative framework that requires and de- 
mands engagement at the executive level in IT projects. You can 
require it, but it will not necessarily result in it. 

So, I think what we need to do is continue to work, as we have 
been, closely with Steve to try to bring these best practices into our 
agencies, and we need to make sure there is transparency, and as 
a result, accountability through strong oversight from Congress, 
seeing how we are performing and getting the work done that we 
say we are going to get done. 



24 


I also think that we should be careful. One of the problems we 
have with doing anything, frankly, in government, IT among them, 
is how many different layers and policies and structures we have 
built up over time. As Steve said, this stuff is changing very fast, 
and do our requirements keep up with the speed and the pace of 
that change? 

Senator Coburn. Can I interject? We passed the DATA Act out 
of here, and the thing that will not change is the requirement to 
know what you spent and where you spent it and be able to ac- 
count for it. Those are basic principles, because you are never going 
to get a metric unless you know those numbers, and I think that 
is one of the things that David is saying. And the push-back from 
0MB on the DATA Act was, this is going to be so hard to do, 
which, all that tells you is they do not know where it is. It is not 
in getting the data to put onto it. It is, we do not know the data, 
which goes back to what Steve says, you are teaching management 
and you cannot manage what you cannot measure. 

So, the whole idea behind this was to get data, not just for trans- 
parency for the American public, but to force the agencies to actu- 
ally be able to measure what they are doing and have to report on 
it, because if you have to report on it, you are going to have to col- 
lect the data. And the hard job — I mean, we are giving the Pen- 
tagon 4 V 2 years to come forward with data on where they spend 
their money. They do not know where they spend their money. 

So, I really appreciate, Steve, what you are doing in terms of im- 
plementing a management capability, because that has been the 
real problem. It is not that we do not have great employees. It is 
we have a skill set that has not been up to the task, and what you 
are doing is very important in that regard. 

I have one other question. GAO’s recommendation is for 0MB to 
issue more specific guidance. What do you think about that rec- 
ommendation? 

Mr. VanRoekel. Are there more specifics about that rec- 
ommendation? 

Senator Coburn. Well 

Mr. VanRoekel. More specifics, guidance and 

Senator Coburn. In the incremental development. 

Mr. VanRoekel. I think a lot of what we are doing is in the di- 
rection of how to do incremental development, including getting in 
front of the agencies to work with them to teach the 

Senator Coburn. So, you feel you are actually issuing specific 
guidance and they just did not see it, or 

Mr. VanRoekel. No, I think it is not just about guidance. We do 
incremental guidance. Part of the key performance indicators as 
part of our PortfolioStat guidance that went out yesterday has in- 
cremental guidelines in it. So, I think we are definitely not only 
satisfying the spirit of incremental guidance, but doing very spe- 
cific things. 

Senator Coburn. All right. 

Dan, I just had one question. You are the agency that should 
model this behavior better than anybody. Are your IT projects 
within GSA meeting the 6-month timeframe in terms of incre- 
mental development? 



25 


Mr. Tangherlini. Some of them are, and we are working on 
making all of them meet those requirements. So, as I said at the 
end of my testimony, we still see a lot of hard work ahead for the 
systems that we are developing. But, we are hoping that the work 
that we are engaged in and the lessons that we learn are 
transferrahle to our agency partners so that we can structure the 
way we do business with them in such a way that they can actually 
get those outcomes, as well. 

Senator Coburn. OK. Thank you. 

Chairman Carper. One of the adages with respect to leadership 
is, do not just do as I say, do as I do. And to the extent that you 
are setting a good example for the others, it is just very helpful. 

I think we are going to start a vote here, a series of votes, and 
with that, I have one last quick question — no, I will ask it for the 
record. I have several more questions for the record. 

I will just conclude by saying this before we welcome our second 
panel. This is not an easy thing to do. It is a hard thing to do. In 
fact, it is a lot of hard things to do and it requires good planning, 
good implementation, appropriate funding, good oversight, trying to 
figure out what is working and what is not working and do more 
of what is working. 

We struggled with this in State Government when I was Gov- 
ernor of my State, honestly, and one of our problems was having 
the kind of human resources that we needed to actually develop, 
conceive of these plans, these kind of projects, and then have the 
people in place who could actually work with the private sector to 
implement them and do that in a cost effective way. 

And we found that we would just train people to do the IT work 
within State Government, and just when they would get to be real- 
ly skillful, they would get hired away, make more money and leave 
us. We finally figured out, the administration after time, to pay 
them more money and to reduce the kind of turnover and be able 
to attract good people and keep them for a longer period of time. 

So, I know these are not easy things that we are asking you and 
the administration to do. We want to play a constructive role. We 
got some great input and insights on what can be constructed. We 
have a data center bill that is out of Committee, waiting attention 
by the full Senate. We might even try to have it hotlined and get 
it passed under unanimous consent. We understand that that 
would be a constructive thing. I think the bill that comes out of the 
House, the FITARA bill of Mr. Issa and others, I think it is one 
of the elements of their legislation, so there are some common 
grounds. 

But, we want to continue to work with you. We want to stay in 
touch with you. We do not want to pass legislation that is counter- 
productive or unproductive. You will continue to — I am sure you 
will — make sure we are a guided missile, not an unguided missile. 

All right. With that, thank you for your continued dedication and 
diligence here and keep working. I think we are on the right track. 
Thanks so much. 

And with that, we will welcome our second panel. Initially, we 
had a vote that was supposed to start, or a series of votes that was 
supposed to start at 11. They did not, and then we are told there 
is a series of votes starting at 11:15, and that has not happened 



26 


yet, so we will go as far as we can, but my inclination is to go 
ahead and go as far as we can without taking a break. 

I want to welcome our second panel. Dan Chenok is Executive 
Vice Chair of the Industry Advisory Council, the industry partner 
to the American Council for Technology (ACT), recognized as a pre- 
mier public-private partnership in the government IT community. 
The ACT — I am just going to call it by its regular name. Industry 
Advisory Council (lAC). I do not like those acronyms, and this is 
one I am not going to learn. But, the Industry Advisory Council 
provides a wide range of programs and services to facilitate com- 
munications and collaboration and education. Mr. Chenok will be- 
come Chair, I am told, what, July 1. There is more I could say 
about you, Mr. Chenok, but I am not going to do it today. I want 
to welcome you, thank you for your good work and being here 
today. 

Next is Karen Evans, no stranger to this Committee. Nice to see 
you again. She serves as the National Director for the U.S. Cyber 
Challenge, the nationwide talent search and skills development 
program focused specifically on the cyber force. She has been great 
to work with as a servant to the people of our country and working 
with us for many years. We are just happy to see you again, and 
welcome, both of you. 

Please proceed with your statements. Dan, if you want to go first, 
and Karen, we will ask you to followup, please. Thank you. 

TESTIMONY OF DANIEL J. CHENOK, i EXECUTIVE VICE CHAIR, 

INDUSTRY ADVISORY COUNCIL, AMERICAN COUNCIL FOR 

TECHNOLOGY AND INDUSTRY ADVISORY COUNCIL 

Mr. Chenok. Thank you. Chairman Carper, and thanks to Dr. 
Coburn, as well 

Chairman Carper. He will be back shortly. 

Mr. Chenok [continuing]. And to the Committee for holding this 
hearing and for the opportunity to testify. 

I am here in my capacity as the Executive Vice Chair of the In- 
dustry Advisory Council. lAC is the industry partner for the non- 
profit American Council for Technology, an organization led by gov- 
ernment IT officials. This unique government industry partnership, 
referred to as ACT-IAC, provides an objective, vendor-neutral, and 
ethical forum to improve government. 

As this Committee has highlighted, every Federal agency relies 
on IT to provide services and conduct operations. Any major pro- 
gram, project, or transformation involving IT brings great potential 
for positive change and benefits, but also brings risks to be man- 
aged. 

Over the past several months, ACT-IAC has joined a number of 
stakeholder groups in a dialogue with 0MB and other government 
leaders regarding how best to improve the government’s capacity to 
manage IT programs effectively. We have drawn on our unique po- 
sition as a government industry partnership to identify best prac- 
tices and lessons learned in both sectors and formulated an initial 
set of critical success factors for IT and a framework that you indi- 
cate here on the posters we refer to as 7-S for Success. 


^The prepared statement of Mr. Chenok appears in the Appendix on page 79. 



27 


Before addressing the 7-S Framework, I would note that govern- 
ment and industry share many common elements with regard to 
the implementation of large-scale IT systems as well as important 
differences. Complex IT programs in both sectors are characterized 
by multiple stakeholders, large and organizationally diverse project 
teams, and the need for agility given technological change. 

Government IT programs do involve unique elements, as well. 
These include laws and rules that can require significant time to 
revise, if needed; a budget process where planning occurs up to 30 
months before the money is actually spent; and limited knowledge 
about how to leverage the acquisition process to promote innova- 
tion. Adapting commercial best practice to help improve how gov- 
ernment acquires and manages IT programs must account for these 
elements in order to succeed. 

I will now turn briefly to the 7-S Framework itself. The first suc- 
cess factor is stakeholder commitment and collaborative govern- 
ance. Most complex programs involve numerous stakeholders and 
often multiple agencies, contractors, and other non-government 
constituencies. There should be clear lines of accountability and re- 
sponsibility for program goals among these players, as well as en- 
gagement with key stakeholders, including oversight organizations 
like 0MB, GAO, and Congress. 

The second factor is a skilled program manager (PM) and team. 
There must be an accountable and qualified senior leader of the 
program. The PM should ensure that a sound, integrated program 
team includes strong leaders who have consistent performance 
measures related to system and program milestones to maximize 
the likelihood of positive outcomes. 

The third factor is systematic program reviews. In addition to as- 
sessing progress against programmatic goals, governance leaders 
and the PM should celebrate success and identify problems prompt- 
ly for correction. Reviews should include senior representatives 
from key contractors, where appropriate, to ensure agreement on 
status, risks, and necessary actions. 

The fourth factor is shared technology and business architecture. 
Major IT programs involve complex interfaces with multiple sys- 
tems. A business and technology architecture can guide activities 
across the team while remaining flexible enough to encourage 
changes during development and execution. The architecture 
should also address how new technologies and business processes 
will be integrated with legacy systems. 

The fifth factor is a strategic, modular, and outcomes-focused ac- 
quisition strategy. The PM must collaborate with the acquisition 
organization and other government and industry stakeholders to 
develop an acquisition strategy that supports program goals. The 
acquisition process should start well before contract award, include 
market research and requirements identification, and lay out goals, 
timelines, and budget linkages. Procurements should also have con- 
sistent outcomes-based incentives across contracts. 

The sixth factor is software development that is agile. An innova- 
tive IT approach, as you heard earlier, is found in agile software 
development under which applications are developed in an iterative 
fashion with small-scale rollouts, frequent feedback from end users, 
and communication with leaders on changes needed throughout. 



28 


This approach reduces risks and increases the chances for program 
success. 

The seventh and final success factor is security and performance 
testing throughout. Modules should be tested and released in 
phases throughout design development and operations, both for in- 
dividual components and end-to-end system performance. 

Chairman Carper, Dr. Coburn, and Members of the Committee 
thank you for the opportunity, again, to testify here today, and I 
look forward to answering any questions you may have. 

Chairman Carper. Dan, thank you very much. Thanks for your 
testimony, and thank you for the seven “S”s. 

All right, Karen. Please proceed. 

TESTIMONY OF KAREN S. EVANS, i PARTNER, KE&T PARTNERS, 

LLC 

Ms. Evans. Good morning. Chairman Carper and Ranking Mem- 
ber Coburn, when he returns, and Committee staff members. I am 
pleased to be invited back to share my views on identifying critical 
factors for success in information technology acquisitions. My re- 
marks today will describe best practices and success factors for 
managing information technology systems that the government can 
learn from industry. 

The Federal Government will spend nearly $80 billion on infor- 
mation technology this year, and despite guidance and oversight 
from Congress, GAO, and 0MB, the Federal IT projects too fre- 
quently incur cost overruns and schedule delays and end up con- 
tributing little to agency mission outcomes. Frequently, these fail- 
ures result from well-known hazards that experienced practitioners 
have learned to avoid by adopting specific procedures, best prac- 
tices, that circumnavigate these pitfalls. 

Other times, the project failure could be traced to someone not 
doing what they were supposed to do. The technology did not play 
a trick on them. This was not an unforseen outside force dooming 
the project. No, in every case, someone missed their block and let 
a defender sack the quarterback. The reflexive response is to add 
another layer of rules to prevent someone from making that bad 
decision again. This is the wrong way to go, as it adds layer upon 
layer of bureaucracy and eventually grinds the process to a halt. 

One cannot mandate good outcomes, nor can Congress legislate 
to preclude failure. Rather, the IT acquisition system must foster 
a culture that allows and tolerates a continuing learning cycle to 
improve overall performance. Results, whether they are good or 
bad, provide important feedback that needs to be integrated into an 
overall management framework. The goal must be to enable suc- 
cess, not to preclude failure. 

My written testimony included critical success factors that the 
Committee could easily influence, should it choose to do so. How- 
ever, I would like to highlight one factor in particular, which is the 
need for leadership at the departments and the agencies. 

The Chief Information Officer is the person in the C-suite who 
should have the capacity to translate technology issues into busi- 
ness-speak for other business leaders. The CIO position is currently 


^The prepared statement of Ms. Evans appears in the Appendix on page 99. 



29 


under scrutiny, as the original purpose of the position is not nec- 
essarily working as envisioned, both in private sector and in gov- 
ernment. 

Whether this person is a CIO, a Chief Risk Officer, a Chief Inno- 
vation Officer, or a Chief Strategist, or some other chief, it is nec- 
essary to have a leader who can speak to senior executives in terms 
that are relevant to them and can state the potential consequences 
in terms of political and policy values. For example, the public 
opinion impact on promised level of service or unfavorable news 
stories, declines in earnings per share. Right now, the CIO is in a 
unique position to ensure that this happens and needs to provide 
the leadership in order to avoid the mistakes of the past. 

Overall, Federal CIOs and commercial CIOs are similar, with the 
same job description: To be the technology-savvy member of the ex- 
ecutive team, to provide value through innovation, to manage data 
as a strategic asset, and to lead a team of technologists and enable 
organizational greatness. 

There is widespread perception that the government is inher- 
ently incompetent at implementing IT systems, not just because of 
the recent high-profile failure, but because that follows a string of 
high-profile failures. However, I have also seen a lot of IT projects 
that were tremendously successful, that delivered on time and 
within budget, that are helping the American Government to serve 
the American people, that did not get newspaper stories written 
about them. So, rather than trying to prevent failure, we should try 
to promote success by implementing best practices, assigning quali- 
fied program managers, and monitoring with accurate metrics. IT 
is a neutral enabler for program delivery, and good management is 
nonpartisan and can support all policies. 

I thank you for the opportunity to testify today and I look for- 
ward to answering questions. 

Chairman Carper. And I look forward to asking them and hear- 
ing your answers. 

We have a series of four votes in a row. Dr. Coburn has gone to 
vote on the first vote, and then come back. We are going to take 
turns here. We do not want to have a lot of downtime. He will be 
presiding for part of the time; I will be presiding for part of the 
time. Between the two of us, we hope to provide some good ques- 
tions for you and have a good conversation. 

That having been said, we are going to recess just for a very 
short period of time. When Dr. Coburn returns, he will take up the 
gavel and begin asking questions. 

So, thank you very much. With that, we are in recess. 

[Recess.] 

Senator Coburn. [Presiding.] I did not get to hear your state- 
ments, but I have been briefed by my staff. First of all, thank you 
for being here. 

My first question is, what did you think? Did you hear the testi- 
mony? What are your thoughts? Go ahead, Dan. 

Mr. Chenok. From the first panel? 

Senator Coburn. Yes. 

Mr. Chenok. So, I think it is important that there was wide 
agreement that this is not simply a technology issue, that it is an 
issue that crosses multiple functions in agencies, including acquisi- 



30 


tion, finance, budget, as well as mission leadership, and that is 
really, I think — it was implied in the statement, but the purpose 
of technology to support agencies, just like it is in a private sector 
organization, is to improve the mission and service of that organi- 
zation. And so 

Senator Coburn. So, management. 

Mr. Chenok. Improving management to improve the outcome for 
either citizens or the customers of a company is really the reason 
why technology exists. So, it is important to talk further, I think, 
about that integration. 

Senator Coburn. OK. Karen, what were your thoughts? 

Ms. Evans. What I heard was a debate between what is hap- 
pening today, so a tactical approach, so that is a lot of what GAO 
is putting forward — things that have already launched, the tactical, 
we have to bring them to conclusion — and then the strategic out- 
look of how do you fix this in the long term, which was described 
by Steve and the GSA Administrator about how do you fix this so 
that it does not occur in the long term. And that you are trying to 
fix the systemic issues so that you can then launch new projects 
with a certain level of confidence that you know that rigor is going 
to be there. 

But, there is the concern that GAO has, that you cannot lose 
sight of what you have already launched because it is $80 billion, 
and in their particular case, they outlined very specifically about 
projects and programs that are in the pipeline that you want to 
make sure that those dollars actually achieve results. 

Senator Coburn. My take-away, and actually, it is pretty well 
governmentwide — one of the reasons I am a big Jeh Johnson fan 
is I think he is a good manager. I think he has good leadership 
skills, and we are already starting to see some of those changes at 
Homeland Security. But, the big thing I have observed all my time 
in government is a deficit in leadership, a deficit in management 
skills. And, I think you heard from Steve today — he is an impres- 
sive guy, and he gets the big picture and the short picture, and he 
is kind of transitioning from the “fix it” to prepare to make sure 
it stays that way. All right. 

You have been a CIO in the Federal Government. You have tried 
to manage IT at 0MB before. Based on your experience, what 
should be our expectations? 

Ms. Evans. For IT performance overall? 

Senator Coburn. Yes. 

Ms. Evans. So, as Dan said and as I indicated in my testimony, 
IT is an enabler, so it is a means to an end. It should not be the 
whole thing itself, which I do believe, and this is a management 
issue that you are bringing up, is that the government has a tend- 
ency to really get focused around the IT solution itself versus what 
it is actually trying to accomplish. 

That is one of the biggest differences that I see now that I am 
on the outside, and areas that I maybe could have helped more 
when I was on the inside is really stressing what is the outcome 
that you are trying to achieve with that investment and how soon 
will you get there, versus, well, we have to have a Human Resource 
(H.R.) system, or we have to have a financial management 



31 


Senator Coburn. A metric measurement. OK. How often, when 
you were at 0MB, did you use the budget to enforce management 
changes, in other words, a real hammer? 

Ms. Evans. All the time. [Laughter.] 

I would say, all the time, consistently. And some of the things 
that were discussed earlier and some of the challenges with agile 
development or breaking things into modular development, and 
Dan highlighted that, is that the appropriation process within the 
government, you are always working at least on a 24-month if not 
30-month cycle. So, in private industry, that is not the case. It is 
12 months. So, to deliver in 6 months or 12 months is realistic 
within private industry because they already think in those terms. 
The government people are thinking in 2-to 3-year increments be- 
cause that is the way the appropriations process works. 

So, what is critical is being able to break it down into smaller 
increments and then use the tools that 0MB has available to them 
to either make sure that a spend plan comes in that clearly out- 
lines and that you have an agreed upon implementation plan so 
that you can hold them accountable to those milestones. 

Those are the types of things that we did on what we called — 
which you are very familiar with — the Management Watch List, 
the High-Risk List 

Senator Coburn. Yes. 

Ms. Evans [continuing]. That we used those types of tools so that 
we could make sure that the money that Congress appropriated for 
that big outcome was actually being achieved with steps in be- 
tween. It is hard to see a lot of those deliverables, especially if it 
is an internal project, like a financial management system or an 
H.R. system, because those deliverables are not publicly available 
for everyone to see. 

Senator Coburn. Yes. OK. What did you do with the failing IT 
programs? 

Ms. Evans. We would have to evaluate what the program is for. 
So, for example. Senator Carper highlighted the Sentinel program, 
and we have had these discussions before. When a program starts, 
or a project starts in the first place, it is usually in response to 
some type of business need. So, the business need really does not 
go away. Like, in the case of the Sentinel project, the business need 
did not go away to have a good case management system and to 
be able to manage law enforcement data. That IT project called 
Sentinel went the wrong way. 

If it is failing, you still need to meet that business need, and 
what you have to do is either stop the work, which we stopped the 
work that was happening on that and redirected it, brought it back 
into smaller pieces, and then said, you have to move out and you 
have to have a go/no-go decision. And if it is not meeting the re- 
quirements, then you cannot fully implement it and you cannot 
keep throwing money at it. 

Senator Coburn. Yes. 

Ms. Evans. And so that gets to the project management portion 
of this and the requirements associated with it, is that those re- 
quirements have to be clearly understood, because you are still al- 
ways going to have that business need. It is how you go about im- 
plementing and achieving that need. 



32 


Senator Coburn. Dan, your testimony highlighted seven critical 
success factors in IT management. Where, in your estimate, has 
the Federal Government fallen short, in order, of those seven 
things? Where do you see us not up to par? 

Mr. Chenok. So, I think there are elements of each of the factors 
where there are successes, but there are also areas where there is 
progress to be made. 

One of the points that we make in the report and that I spoke 
about in my written testimony is that it is not as though there are 
seven independent factors. 

Senator Coburn. Yes, they are all interrelated. 

Mr. Chenok. These are interrelated and they are elements of 
strong management. And I think you heard in the first panel about 
some of the approaches to how to approach strong management. 

The other thing I would point out is that the question that you 
asked about what can Congress and what can this Committee do 
is to highlight that importance through oversight, as you are doing 
today, and also look at opportunities where there are — I think it 
was Administrator Tangherlini who talked about multiple laws and 
rules that are basically having agencies focus more on compliance 
than on how to essentially bring good management to achieve mis- 
sion outcomes. 

Senator Coburn. Yes. 

Mr. Chenok. And so, focusing on that, looking at those inter- 
connections where there might be areas to clarify is something that 
I think Congress can do, as well. 

Senator Coburn. You saw Steve testified about how he put a 
package together. Here is the acquisition — if you want to do this, 
here are the acquisition rules. Here are the compliance rules. In 
other words, they are building some of the packet to give reference 
to some of the people in the different agencies that want to do that, 
and I think that is a positive step. Would you concur? 

Mr. Chenok. Yes, I would agree with that. I think that the 
TechFAR, as Steve referred to it, also resulted from some of those 
consultations that Steve did with our association, ACT-IAC, as 
well as some other industry associations, and it is really an ad- 
vancement on the Mythbusters program that the administration 
initiated, and it will lead, I think, to the identification of some re- 
quirements in the the Federal Acquisition Regulation (FAR), that 
could be reformed to provide for more agile and more incremental 
development. 

Senator Coburn. Yes. Give me your assessment on what you see 
in private industry on how IT is managed and what you see in the 
government. Note my critical note of some big businesses, because 
they wrestle with this when they are out purchasing IT, as well, 
in terms of costs and completion dates and functionality. Contrast 
that for me for a minute. 

Mr. Chenok. So, as an association that has both government and 
industry members, I think we have a lot of experience looking 
across the two sectors. And, I think one thing in industry — we 
talked before, and I think it was mentioned by Steve VanRoekel, 
and Karen repeated this — the funding cycle is much shorter, so 
that in industry, when you have an issue that comes up, and there 



33 


are issues that come up multiple times in any large IT, complex IT 
migration, whether it is government or industry 

Senator Coburn. Right. 

Mr. Chenok [continuing]. You have the ability to more quickly 
pivot through providing resources. And in industry, it is often on 
a quarterly type of consideration, even more quickly than a yearly 
consideration, as management teams look to manage their assets 
looking across their enterprise. 

It is more of a challenge for government leaders, whether they 
are Chief Information Officers, budget officials, or program officials 
looking to correct problems, to say, all right, we see a problem. We 
are going to redirect resources. We are going to use a flexible fund- 
ing arrangement with accountability and transparency to our 
stakeholders and to oversight organizations, including the Congress 
and GAO, to make those changes. 

And I think that is one area where, again, if there are opportuni- 
ties to examine where working with authorizers and the appropria- 
tions process, where there are reforms that could be brought, it is 
bringing government spending for technology more in line with 
that industry best practice through flexible funding arrangements. 
Things like working capital funds or franchise funds, which do 
exist in government, but they are not pervasive, and to some ex- 
tent — 

Senator Coburn. They are not utilized much in IT. 

Mr. Chenok. Right. To some extent, I think that there needs to 
be more transparency about results in those settings. So, that is 
one area that I would draw as a significant contrast. 

Senator Coburn. Of all the billions that we have wasted in IT, 
not once have I ever found where we went after the supplier for 
non-performance, which begs the question, did we know what we 
wanted? If, in fact, we knew what we wanted and somebody did not 
supply it, we have a basis for contract non-performance, and yet I 
have never seen that happen once. Any comments on that? Karen. 

Ms. Evans. So, in my experience, as you know, I have been an 
operational CIO, and this is where I allude to this in my testimony, 
about good decisions and bad decisions need to inform the process. 
So, in my experience, if you are clear about your requirements, you 
can use those tools. There are tools. The acquisition rules allow for 
those tools to be there. 

There are things that I have done in my experience where there 
was clear non-performance, and so, therefore, when an option year 
comes up — and contracts are done this way — that you do not exer- 
cise the option year, and that usually sends huge ripple effects. 
And so those are things that the government does do, but you do 
not necessarily hear about, that they do not exercise the option 
years on those contracts. The biggest part is making sure that the 
way that you write the contracts, so in this acquisition, as we talk 
about acquisition best practices, is that the way that you transition 
out from one contractor to another, that you actually think about 
the possibility that the contractor would have non-performance. 

Senator Coburn. Well, but that is my point. 

Ms. Evans. Right. 



34 


Senator Coburn. Your tool is not exercising the option for them 
to continue to non-perform, and my question is about non-perform- 
ance and them paying the government for non-performance. 

Ms. Evans. Well, and that has happened, and actually on the 
Sentinel project itself, although we did not highlight a lot of this, 
that is — and these contracts were done through GSA, and so this 
is where GSA is great because of the way that the contracts are 
set up — that that was documented as non-performance on the con- 
tractor’s part. They did try to argue back and forth that the FBI 
did not know its requirements and loosey-goosey 

Senator Coburn. Yes. 

Ms. Evans. And there was a certain amount of that, OK, and 
there was also the finger pointing between the two contractors say- 
ing, you were supposed to do this and you were supposed to do 
that. But GSA stepped in on that particular effort, and because of 
the way the FBI had contracted for that service, they could exercise 
certain things and they did not accept deliverables. And then those 
contractors also gave money back to the government and also 
agreed, in order to be able to go forward, that they would only do 
certain cents on the dollar until the project was back on track. 

So, there are tools that are available to the government. When 
you asked, did we use our authorities in partnership with GSA in 
order to move the contract 

Senator Coburn. Do you think that happens often enough? 

Ms. Evans. I do not think it happens as much as you would like 
for it to happen, sir. 

Senator Coburn. Sort of like incremental development, I 
mean 

Ms. Evans. Yes. 

Senator Coburn [continuing]. If, in fact, you get there and if you 
have not met the milestone, where do you go next? 

Ms. Evans. And you have to say, no, that you do not go. The 
other issues that happen a lot of times, and this happens in the 
government, not so much in industry, is that a government will 
launch a pilot, and 

Senator Coburn. Yes. They never die. 

Ms. Evans [continuing]. And they never die. So, during our ten- 
ure and OMB’s oversight, what we attempted to do was call them, 
like, initial operating capabilities and really looked to see if it was 
really meeting the need to do it and then see if you could build off 
of it. But, there were pilots that we had to shut down because it 
cost too much to maintain the pilot while you were doing the other 
projects, so you would have to shut down the pilots, and those were 
really difficult, because the group who volunteers up front is the 
one who says, well, I am really using this now for business needs, 
so where do I go, because I shut down this other effort that I was 
doing manually. 

So, when you start looking at what industry does well, where 
government could improve, is industry really looks at the same 
metrics that we ask for, the earned value, management data, cost 
schedule, and performance. They look at that data. Their organiza- 
tion is very sensitive to the variances because it affects the dollar 
amounts in the profitability of a company. 

Senator Coburn. And the bonus. 



35 


Ms. Evans. Well, and the bonus, absolutely, right, because they 
get performance bonuses. So, they respond to the sensitivity a lot 
faster and so they will fail faster. I mean, if that is really what we 
want to talk about, they will fail fast, learn from that, do a course 
correction, and then hit on success. So, even when they have big 
failures in industry, it is not at the same cost level as ours because 
we tolerate a longer time. The government will tolerate a longer 
time because they want to get to that success. 

Senator Coburn. OK. Dan. 

Mr. Chenok. One of the things that makes it difficult in govern- 
ment, per your question earlier. Dr. Coburn, is that the aligned in- 
centives are not consistent across the stakeholder groups, and we 
talk about this a little bit in our paper. But, the acquisition process 
does not necessarily make it clear, what are the performance 
standards that the contractor should provide and achieve that are 
related to the mission elements of the program. 

For example, in the GPRA Modernization Amendments, the stra- 
tegic agency goals and priorities are not necessarily linked to the 
performance of the IT organization and they are not necessarily 
translated to the contract that then provides the incentives for the 
company to produce. And so that is where you get some of this dis- 
connect, where it is hard to react in a manner that you are describ- 
ing, to basically understand, what are the successes that can be re- 
warded for good performance with a contractor and where are there 
problems that need to be corrected quickly. And that is why we 
talk about aligning incentives as one of the key elements of the 
framework. 

Senator Coburn. One of the things you cited in your testimony 
was the necessity of having a skilled program manager and a 
skilled team. Turnover of project managers is a big problem within 
the Federal agencies. How do we address that? 

Mr. Chenok. So, it is — and I spent a long career in the govern- 
ment. I had the good fortune at the end of my time as the 0MB 
Senior Career Official for IT Policy to work with Karen at the be- 
ginning of her tenure as the Administrator. And I saw both great 
examples in government of long-tenured, very successful program 
managers and, as you say, elements where project managers were 
either not in sufficient quantity or skill or switched out quickly. 

I think some of the reforms that 0PM is now engaged in, in 
terms of bringing in people more quickly and through authorities 
like direct hire, as well as improving the training process for pro- 
gram managers so that very talented Federal employees can under- 
stand what it is to incorporate things like the GAO Critical Success 
Factors or the 7-S for Success elements into their management 
structure, helps them to understand the point that we made ear- 
lier. 

Most government employees, and especially government man- 
agers who have been with agencies for a long time, are passionate 
about the mission of the programs that they implement and the 
key is to help them understand how good management can support 
better outcomes for that mission. That can be a powerful enabler 
to encourage Federal leaders to stay and carry through on their re- 
sponsibilities. 

Senator Coburn. I see some of that in Steve. Do you agree? 



36 


Mr. Chenok. I would. I have had the good fortune of working 
with Steve over a number of years, both when he was with an 
agency, the Federal Communications Commission, and with 0MB, 
and I think that he is doing an excellent job through the program 
that he laid out today in creating that foundation for improvement. 

Senator Coburn. OK. One of the things, it seems to me, is if you 
have a really skilled manager with really capable leadership but 
you do not empower them to actually manage and lead, they are 
not going to succeed. So, in your mind, both Karen and you, Dan, 
how is the role of CIO in the Federal Government different from 
CIOs in private industry? 

Mr. Chenok. So, let me actually talk about Karen for a moment. 
I worked with Karen when she was a CIO, both at the Justice De- 
partment at a bureau level and at the Energy Department, and 
then when Karen was the Vice Chair of the Federal CIO Council. 
And in all three roles — the authorities differed, and that is true for 
other CIOs that I worked with in government then and it is true 
today — Karen was able to bring forward some of the best practices 
that she has spoken about here in those different roles. And I think 
a private sector CIO would also bring in those types of integrating 
technology quickly, doing significant program reviews with a 
project team, linking those program reviews to outcomes. Those are 
some of the similarities of strong CIOs in government and indus- 
try, and that is hard to legislate per se. I think you can clarify au- 
thorities, whether that is in legislation or through oversight and 
through understanding and expectation. 

But, I will come back to the first “S” in our framework. In indus- 
try, you have a strong governance team, a C suite team, who pulls 
together as a mission team the CIO and other leaders to say, how 
are we going to deliver our product or service to make revenue this 
quarter, increase our customer service expectation, et cetera, and 
really drive to those mission goals and objectives. And in govern- 
ment, CIOs are often more focused around compliance because of 
the many different rules and laws that we spoke about earlier, and 
it is harder. Good CIOs will find a way to leverage those laws and 
rules. Sometimes, it can become overwhelming. 

And it is not to say that there are not laws and rules that exist 
in companies, because there are regulations that companies follow, 
as well, things like Sarbanes-Oxley and Gramm-Leach-Bliley, for 
example, in the financial services industry. But, again, they are 
built into a risk program, and that is — the last thought I will have 
here is that CIOs in industry will often understand the balance be- 
tween risks that an agency faces from a technology infrastructure 
and the benefits that they can implement through technology, and 
so they can balance those risks against the benefits and move for- 
ward. That is a harder conversation to have in government because 
risks tend to get magnified quickly and it is harder to react quick- 
ly- 

Ms. Evans. So, I think we are at the point where you are start- 
ing to see a lot of evolution about information technology, and you 
are really seeing this play out — should I say this — in the Target 
situation, all right, because through the point that Dan is saying 
with risk, CIOs, if they are operational in focus, will never be able 
to rise to the board room, will never come in — and I see it now, be- 



37 


cause I sit on several boards — the CIOs are not part of the senior 
leadership team that are briefing about what is happening within 
an organization. 

They are moving more toward the risk model because informa- 
tion technology is an enabler. So, they are providing services, and 
whether they are providing Internet online services, you see risk, 
cybersecurity, all those types of things, threat, all that is rolling up 
now through what is, like, the audit committee, because they look 
at the risk profile for the company. 

Now, either the CIO can jump in there and say, this is how we 
are doing things and this is how we are managing it and then they 
do what I had outlined here, where they talk about this is the im- 
pact that it will have on the business if we do not do X, Y, and 
Z. That is, in OPM-speak or senior executive-speak, it is business 
acumen, right. It is either the CIO has business acumen and can 
translate what the technology risk implications are to the business 
of that agency, and either we have CIOs that have the business 
acumen to be able to do that or we have CIOs that are very tech- 
nology operational focused and they will not be viewed as that stra- 
tegic partner. 

And so you are seeing that evolution. Industry recognizes that 
they need it. They know they need innovation, so they started lay- 
ing out Chief Innovation Officers. They know they have to have 
risk, so they have a Chief Risk Officer. They know they need to 
manage information from a strategic standpoint, so they have a 
Chief Strategist. 

All of those were envisioned, if you look back at Clinger-Cohen, 
Senator Cohen’s initial vision, that is what a CIO was supposed to 
do, the strategic management of information to enable mission out- 
comes. And that is also what was supposed to happen in private 
industry. But, because of the way the environment is, either they 
step up to the bat and they can do it or business is going to com- 
pensate for it because it is a need that needs to be addressed. 

Senator Coburn. OK. Thank you. 

Chairman Carper. [Presiding.] Dr. Coburn, thanks. 

I want to go back to the first panel for a little bit. They are not 
here anymore, so they will not know what you are saying. But, just 
go back and think about their testimony, some things that you es- 
pecially agreed with, maybe some things you have questions about, 
and just share both of those. Where you have strong agreement, it 
would be helpful for us to know that. Maybe some questioning 
would be helpful, as well. 

Mr. Chenok. So, again, the relationship, I think, but one thing 
we heard that was common was the relationship across multiple 
functions in an agency; that good IT management involves mission 
leaders, CFOs, Chief Acquisition Officers and creating a govern- 
ance framework. The first of the “S”s in our model that works 
across these entities I think is important, and I think you heard 
that from the panel. 

I think that some of the solutions and recommendations that 
were discussed that 0MB is laying out, that Steve VanRoekel laid 
out in his testimony, will provide some of the infrastructure to be 
able to move more quickly. 



38 


One of the things that we talked about with Dr. Coburn was 
aligning the funding processes in government to match that need 
for speed such that it is not a 30-month delay and you have to 
build in response to something that is happening this year into 
your budget plans that then go and get appropriated 2 years later 
when September of the fiscal year comes around, that we create 
flexible funding mechanisms to allow faster response through a 
technology infrastructure. And I think that is something that cer- 
tainly the industry, ACT-IAC, would welcome the opportunity to 
work with the Committee and Congress to move forward on. 

Chairman Carper. OK. Thanks. Ms. Evans. 

Ms. Evans. So, what I agree with is the way that Steve laid out 
PortfolioStat and the way to move forward with PortfolioStat. And 
if you look at what he said and then look up at the success factors, 
what he is really doing is building and integrating the manage- 
ment framework that would allow for the success of programs 
through the use of technology. So, he is talking about performance 
indicators, bringing in the key stakeholders, then asking for that 
on a quarterly basis and really looking at what are the mission out- 
comes that you are trying to achieve and put the parameters 
around it. But looking at the agency as a whole, or looking at the 
department as a whole, because if you have to make tradeoffs, you 
cannot do that within one project. The agency leadership is going 
to have to look at the portfolio across the board and how is it per- 
forming across the board, or do you have to, like, stop something 
because this other one is more important and it is taking more re- 
sources than you had anticipated. 

So, I think the way to move forward, the way that he has per- 
formance indicators, that is the way that is going to institutionalize 
the success that you need or allow for the failures that are hap- 
pening to be corrected in that framework. So, that is a great thing. 

The other part that I think we need to really still stay focused 
on is that there are activities that are happening now that need to 
catch up to what he is building institutionalized, and you cannot 
lose sight of those activities, like the data center consolidation, or 
several of the cross-agency performance goals that they have re- 
lated to cyber or workforce issues. Because if those things are 
launched and what you want to try to do is change them in mid- 
stream so that they can then get on this same path of the 
PortfolioStat in order to achieve the results. And that part, I think, 
needs to really be looked at from an oversight perspective, of how 
are you going to transition these existing things that are hap- 
pening into a PortfolioStat environment. 

Chairman Carper. OK. Good. One of the questions I asked of — 
in fact, a couple of questions of the earlier panel dealt with what 
is the appropriate role for us in the Legislative Branch to move this 
along and to get a better result maybe for less money. We try to 
do oversight. We try to do good oversight, not “gotcha” oversight, 
but constructive oversight, and, Karen, you have been before us 
enough to know that that is really the way we operate here. 
Whether Tom is the Chairman or I am the Chairman, that is our 
attitude. 

We have this legislation reported out of the House, FITARA, with 
bipartisan support. We are going to try to get it hotlined and 



39 


passed by unanimous consent, our data center legislation that Dr. 
Coburn and I and others have worked on here in the Senate and 
see if we cannot move that. I understand a piece of FITARA, the 
House bill, actually focuses on data center. 

Just talk to us, if you would, about — again, similar to the ques- 
tion I asked the first panel — what is our responsibility? What is 
our opportunity on the legislative side? What are some things we 
ought to be doing in terms of legislation? What are some things we 
ought not to be doing? 

Ms. Evans. So, in my testimony, I did outline some of those 
things, and I do realize that there are a lot of good pieces of 
FITARA that I think really should go forward, like the data center 
consolidation. They have the Center for Innovation. There are addi- 
tional things that I think if you 

Chairman Carper. What are some other pieces besides the data 
center in FITARA 

Ms. Evans. Well, they have 

Chairman Carper [continuing]. That you think should go for- 
ward, maybe with some modification, but should go forward? 

Ms. Evans. And they have things in there dealing with the Inno- 
vation Center, which is very similar in line to things that GSA has 
talked about with the 18F, as well as what Steve has talked about 
with the Digital Services. So, you could combine those three ideas 
together, which would get to what I believe you and Senator 
Coburn had put together a long time ago, which was also the abil- 
ity for 0MB, from an oversight and proactive approach, to be able 
to go in and help agencies fix things, right the ship before it goes 
too far astream, and also create some of the innovation that you 
need for these seed projects so it can then go out. You create it once 
and it can be used by many agencies over and over again. So, those 
concepts are already being deployed by the administration and are 
also included in the legislation. 

There are some other things, though, where the legislation is 
specifically looking at the CIO and things like the budget authority 
that could be tweaked. For example, I outlined that maybe one of 
the things, when they are talking about personnel issues and that 
all component CIOs should be reporting to the CIO at the depart- 
ment, that program managers in component organizations should 
also be part of the CIO organization, because then you bring that 
expertise of how to implement the system in conjunction with a 
program executive. 

And so those, if you put a little bit more detail, and I am usually 
not one to say, put more detail in there and give agencies flexi- 
bility, but if you kind of spelled out those two roles in the legisla- 
tion, that would get to a lot of this commitment of the stakeholders, 
the collaborative governance that you need, because you are specifi- 
cally saying the program manager belongs to an IT function, so 
that is the implement, and the program executive belongs to the 
program function, which allows the integration of those two things 
together. And you could input that into the legislation and that 
would get to several of these pieces that are in the governance 
structure that both GAO and lAC and everyone has recognized 
that needs to be done. 



40 


And then the other part that I am suggesting is that through the 
Exhibit 300 process or through reporting process when it is asking 
for reports, is that there is a program manager. If a program man- 
ager is put in charge of a project, we used to, we say that they have 
to have the skills. If you look at the Exhibit 300 right now, it is 
not there, because I actually printed one off to make sure I was 
right before I came. But, you need to see who that is from an over- 
sight perspective, and you need to know, in essence, what their re- 
sume is. Did they manage to completion a project of this nature? 
And if they did not, then do they have the adequate training and 
the certification so that they can? 

And some of those types of things, you could get visibility down 
into it, which would then at least put the project on a path that 
would show that it at least would get success from that perspective. 

Chairman Carper. OK. Good. Thanks so much. 

Mr. Chenok, do you agree with anything that Karen has said? 
[Laughter.] 

Mr. Chenok. I do. Senator Carper. 

Chairman Carper. Oh, good. 

Mr. Chenok. I think Karen raises excellent points. I would note 
that, with regard to specific legislation, the Industry Advisory 
Council is a non-lobby 

Chairman Carper. I understand. 

Mr. Chenok [continuing]. So we do not officially take positions 
on legislation. With regard to 

Chairman Carper. I understand that. What she said was helpful 
in terms of these are the provisions that we think are really wor- 
thy, should be pretty much 

Mr. Chenok. Right. I think 

Chairman Carper [continuing]. And here are a couple that 
should be tweaked, so that is very helpful. I find these are not real- 
ly — a lot of stuff around here, we just get bogged down forever. 
They are partisan issues. This is one that should not be very par- 
tisan. Nobody wants to waste money. We all want to get better re- 
sults. So, just with that in mind, go ahead. 

Mr. Chenok. So, I do think that there are a number of elements 
that this Committee and Congress can do to promote the goals that 
you are espousing in this hearing. 

One is, as you talked about, constructive oversight, and that is 
highlighting both successes and issues to be addressed and under- 
standing that agencies do take risks, just as companies take risks, 
in implementing programs. The world is not a riskless world. So, 
helping to have a conversation that is a more mature conversation 
about how agencies can proceed in implementing programs where 
things will not always be perfect, but the larger goal of serving citi- 
zens, just like when a company has the larger goal of serving cus- 
tomers, it makes it worth taking those risks, and there is an ac- 
countability structure. So, providing oversight on that balance, I 
think, is an important role that this Committee can take. 

In addition, I think that the funding alignment issue is some- 
thing that authorizers and appropriators, as you heard Steve 
VanRoekel talk about earlier, can review. The budget process 
now — and having had a career at 0MB, I was all too familiar with 
this — does work where the planning occurs 2 years or more before 



41 


spending occurs, and so it is much harder to pivot in response. 
Through legislation, through expanding authorities for things like 
franchise funds and working capital funds, I think there is an in- 
teresting way to look at those as pilot elements. As I said, they do 
exist in places in government, but in other places require addi- 
tional authorization to implement. 

The last point I would make is, from my experience working on 
the E-Government Act of 2002, when I was at 0MB as a staffer 
working with staff from this Committee, that statute did not nec- 
essarily legislate in new areas, but it did state Con^ess’s — it did, 
in a numb^er of cases, actually introduce new provisions and, of 
course, created the office that Karen headed and that Steve 
VanRoekel heads now. It also reinforced some of the productive and 
instructive activities that were going on in government and en- 
sured that those activities were recognized as things that Congress 
endorsed, which supported agencies to expand those productive ac- 
tivities that were going on at the time, whether they were things 
like expanding digital signatures, expanding the use of portals as 
mechanisms to look into agencies to get better services, or other 
elements that that Act pointed out. 

Chairman Carper. All right. Thank you. 

A different kind of question, if I could, Ms. Evans, for you. As 
you know, cybersecurity is a very important issue. It continues to 
be. It is going to be with us for a long time, I fear. You serve as 
the National Director for the U.S. Cyber Challenge. I was hoping 
that you could tell us a little bit about how cybersecurity and IT 
management are linked and maybe share with us any advice you 
might have on that matter, that linkage. 

Ms. Evans. So, from the inception of the projects, whenever you 
do this, you always need to be assessing, what is the risk associ- 
ated with that service that you are getting ready to provide? Again, 
this is another area that is really being looked at. Should the Chief 
Information Security Officer be pulled out from the CIO organiza- 
tion? Should they be equal? Should they be separate? I personally 
believe that they need to be integrated, because it is about man- 
aging the information, and it also needs to be integrated into the 
budget process so that it is specifically resourced in order to be able 
to do it. 

But, to Dan’s point, the discussion that has to happen is how 
much risk is an agency willing to live with. The best example that 
I can give that is relevant to this Committee is when we had an 
IT failure in the Census program. Remember that project? 

Chairman Carper. I do remember that. 

Ms. Evans. Yes, I figured you did. And one of the ways 

Chairman Carper. I live a hundred more years 

Ms. Evans. Yes, and we have 10 years now. OK. But, part of 
what was also happening in that environment was a cybersecurity 
incident, and a recurring incident within the Department of Com- 
merce. And so you had to look at, were you really going to fix the 
IT project? How did you balance this cybersecurity problem that 
they had with exfiltration of data? They had this failure that was 
happening with IT. And, what was really the goal? The goal was 
to have quality data so that we could really rely upon that in order 
to be able to make decisions about representation for the Nation. 



42 


So, that is how the plan was then structured, to come back and 
say, the best way for us to rely on the data is to go back to a big 
portion of this being manual, because we do not know what is hap- 
pening on our networks. If we went to a data collection that was 
online, we would not be able to really certify that this data has not 
been touched or messed with in any way. 

That has to happen on every program, that type of analysis as 
we go forward, whether you are collecting personally identifiable 
information, what types of services you move online, how you do 
that, and then how are you going to validate the individuals to as- 
sure that they actually did what you needed them to do in that pro- 
gram. That has to be comprehensive, and IT is a solution that pro- 
vides for that and enables that, but it is really a risk management 
of services that a Secretary has to decide, what level am I really 
willing to live with. And they may decide that IT may not nec- 
essarily be the way to go because the cyber risk is too high for on- 
line services. 

Chairman Carper. OK. We have our third vote underway, and 
Dr. Coburn, I think, was going to vote in the second and third vote. 
Let me see, it started at 12:05 and it is about 12:10, so we are 5 
minutes into a 15-minute vote, so that helps me keep it straight. 

I will ask you one more question — I guess this would be more for 
Mr. Chenok — if I could. The framework that the lAC released today 
stresses the importance of getting good people involved in govern- 
ment IT projects to hopefully ensure their success. Could you just 
discuss with us for a couple of minutes what you believe are the 
biggest challenges that our government faces in getting the right 
people into these positions and keeping them there and any rec- 
ommendations you might have to address those challenges. 

Mr. Chenok. So, it is an interesting question, especially in an 
era when my children, for example, use IT and think about it as 
second nature to the work that they do, and 

Chairman Carper. How old are your kids? Do not tell me they 
are three and four. 

Mr. Chenok. They are school-age. 

Chairman Carper. OK. 

Mr. Chenok. So, they use it for school. But, when they enter the 
workforce and the newest generation of Federal employees who will 
become the leaders of tomorrow use technology, they do not think 
about it necessarily as, “I am going to be a technology worker,” or 
“I am going to be a Federal worker.” They think about it as, “I am 
going to work because I am passionate about government service 
and technology is a key lever and it is almost second nature to how 
I do my work.” 

And if we think about, from a workforce perspective, channeling 
that approach and encouraging workers at all levels of seniority in 
their Federal career to think about technology, as we talked about 
earlier, not as a separate sort of compliance activity, but as some- 
thing that, if done properly, is integrally related to achieving the 
mission outcomes that so many Federal employees are passionate 
about, I think it will get people excited about doing the hard work 
of understanding what it takes to manage programs well, because 
it does take work. Implementing frameworks like the 7-S Frame- 
work or the GAO Success Factors or those that Karen rec- 



43 


ommended in her testimony, it takes time. It does not come natu- 
rally, either in government or industry. 

So, I think part of the challenge is, as you heard from the first 
panel, bringing in terrific people, bringing in the best people from 
industry, currently working with government, from new entrants 
into the government space. And part of the challenge is helping 
current Federal employees understand that technology is an en- 
abler to helping them achieve and contribute to their mission to 
serve citizens. And taken from that perspective, technology be- 
comes an exciting part of, I think, a Federal employee’s career de- 
velopment, and it is not just about the CIO or their immediate 
staff, but it is the program and mission staff who are leveraging 
that to achieve results, just like the best companies are using tech- 
nology to achieve results. 

Chairman Carper. Good. I think we will call a halt there. If I 
leave in 1 minute, I can probably make this third vote and keep 
my perfect attendance record. Well, it is not quite perfect, but it 
is not bad. 

I want to really thank you both. It is great to see you, and thank 
you for all you do for us and have done for our country. Some day, 
I would just love it if we held a hearing and the private sector 
shows up on these IT projects and says, we could really learn a lot 
from the government and maybe we could mentor them, or school 
them. We learn a lot from them, and hopefully, we are learning a 
lot from one another now. But, I am encouraged that we are on the 
right track. We still know we have a lot to do, a lot of ways we 
can do better, and with your help, we will. 

In the meantime. Dr. Coburn and I and our colleagues, our staff, 
want to make sure that we stay attuned, tuned in, interested, and 
providing the kind of oversight that is constructive to get us to 
where we need to go. 

The hearing record is going to remain open for 15 days — that is 
until May 23 at 5 p.m. — for the submission of statements and ques- 
tions for the record. I expect we will have some. If you receive 
those, if you could respond to them promptly, we would be most 
grateful. 

Again, our thanks to you both. Good to see you, and take care. 
Thanks so much. 

Mr. Chenok. Thank you. 

Ms. Evans. Thank you. 

Chairman Carper. This hearing is adjourned. 

[Whereupon, at 12:15 p.m., the Committee was adjourned.] 




APPENDIX 


Opening Statement of Chairman Thomas R. Carper 
“Identifying Critical Factors for Success in Information Technology Acquisitions” 
Mays, 2014 


Good morning. Our thanks to today’s witnesses and guests for joining us today to examine the 
critical factors for success in developing and managing information technology, or IT, systems. 
My thanks as well to Dr. Cobum and his staff for their help in putting this hearing together. 

Today's hearing is part of this committee's ongoing efforts to improve how federal agencies 
acquire, implement and manage information technology. This is a topic that is near and dear to 
my heart and something that I have worked on for years with Dr. Coburn since he and I led the 
former Federal Financial Management subcommittee. 

During my time in the Senate, I've heard about - and chaired hearings on - a number of 
successful IT projects. I've also, unfortunately, worked with my colleagues to determine what 
went wrong with some failed projects. 

One example of a successful government IT project is the Western Hemisphere Travel Initiative, 
which went into effect in 2007, The program addressed one of the main 9/1 ! Commission 
findings — that before 9/1 1 people could show a border official one of hundreds of different kinds 
of documents in order to enter the U.S. at a land border port of entry, making it difficult for 
ofUciais to identify fraudulent documents. 

Since 2007, people trying to enter at land ports must present a DHS-approved secure card that 
communicates with Customs and Border Protection equipment to prove their citizenship. The 
project required that Customs and Border Protection modernize its port of entry infrastructure 
and IT systems in order to enable the use of technology, which it did successfully within two 
years. The program is still going strong today and has proven to be a very smart investment 

Some examples of failed projects include USAJobs, which is run by the Office of Personnel 
Management, the FBI's digital case management system called Sentinel, and of course the failed 
launch ofHeaithCare.gov. With regard to Healthcare.gov, the Administration was fortunately 
able to get things turned around quickly and millions of Americans - today more than 8 million - 
have signed up for insurance , many of them through HcalthCare.gov. 

But most struggling IT projects do not get the type of response - or media attention - that we 
saw with Healthcare.gov, with a team of experts rushing in to set things straight. Rather, what 
typically happens is that we continue to sink more money into thc.se programs as they sputter 
along. 

Now' the simple truth is that every organization, be it a federal agency or a Fortune 500 company, 
faces a host of challenges in implementing large IT projects. But from where 1 sit, it appears to 
me that the federal government seems to have more problems than the private sector. Or it may 


( 45 ) 



46 


seem that way because the government’s problems are more frequently on the front page of the 
paper given that they are paid for with tax dollars. 

Today’s hearing will explore the challenges organizations, both in government and in private 
industry, face in implementing IT systems. It will also examine the steps agencies need to take 
in order to be successful. 

Several of our witnesses today have significant experience w'orking in the private sector so Tm 
interested in hearing about the similarities and differences between government and industry. 
More importantly, I’m also interested in hearing about what lessons federal agencies can learn 
from how industry implements IT. 

1 also want to hear from our witnesses about what success looks like and what our agencies need 
to do to increase the likelihood that an IT project will succeed. As former Federal Reserve Vice 
Chairman Alan Blinder once advised my colleagues and I at a Finance Committee hearing, we 
need to “find out what works and do more of that.” 

Agencies need to get to a point where they succeed more often than not. But all of us need to 
acknowledge that there will always be projects that, despite our best intentions, wind up failing. 
When that happens, we need to make sure agencies know to pick up the pieces and avoid 
squandering the money we entrust to them on projects that should be scrapped. 


### 



47 


STATEMENT OF 

THE HONORABLE DANIEL M. TANGHERLINI 
ADMINISTRATOR FOR GENERAL SERVICES ADMINISTRATION 
BEFORE THE 

COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS 
UNITED STATES SENATE 

May 8, 2014 

Good morning Chairman Carper, Ranking Member Coburn, and Members of the Committee. 

My name is Dan Tangherlini, and I am the Administrator of the U.S. General Services 
Administration (GSA). 

The challenges of technology procurement and delivery facing the government have been a 
focus for better management and oversight throughout this Administration. They present an 
opportunity to deliver better outcomes for the American people in a more efficient manner. 
Given the U.S. General Services Administration's mission to deliver the best value in real estate, 
acquisition, and technology services to the government and the American people, we believe 
we are uniquely positioned to help make a difference in these efforts. Through better 
management of our own IT investments, as well as offerings GSA provides government-wide, 
GSA can support the Administration's efforts to better manage IT and help to continue 
improving some of these longstanding challenges. 

GSA Information Technology - 

Empowering the Chief Information Officer (CIO) 

Since my arrival at GSA, we have been focused on consolidating and streamlining major 
functions within the agency to eliminate redundancy, improve oversight, and increase 
accountability. Consistent with the Administration's push to strengthen CIO authorities, GSA 
brought together all IT functions, budgets, and authorities from across the agency under an 
accountable, empowered GSA CIO, in line with the best practices followed by most modern 
organizations today. GSA has moved from 17 different regional and bureau CIOs to one 
enterprise CIO office. To improve management and accountability, GSA established the 
Investment Review Board co-chaired by the GSA CIO and Chief Financial Officer (CFO) with 
oversight and authority over all GSA IT spending. Prior to this consolidation, GSA's business 
lines and often the regions had separate IT systems and budgets, providing limited visibility and 
oversight into proposed investments and creating significant redundancy and inefficiency. 



48 


Enterprise Planning 

GSA now has one enterprise-wide process for making IT investments, which ensures that 
investments are geared toward the highest priorities in support of the agency's strategic goals. 
We are now able to more comprehensively look at the portion of spending that is focused on 
operating and maintaining existing systems. We have set internal goals to reduce ongoing 
operating costs to allow the organization to make better long-term investments using our 
enterprise-wide, data driven zero-based IT budgeting process. 


Zero-based IT budgeting (ZBB) 

GSA is beginning to leverage an internal ZBB process to develop the IT budget. ZBB is a 
budgeting method that requires justification for all expenses in each new fiscal period. This 
method will ensure budgeting processes align to the organization's strategy by tying budget line 
items to specific strategic goals and initiatives. For instance, GSA used to maintain multiple 
systems to track engagements with partner Federal agencies. Through these changes, GSA's 
major business lines will share these tools, facilitating a two-fold win. From an IT perspective, 
we eliminated the cost of maintaining redundant systems, resulting in lower operations and 
maintenance costs. From the mission execution side, we improved engagement with partner 
Federal agencies by putting a more complete picture of who we work with in the hands of our 
staff. 

Enhanced Use of Cloud Computing and Consolidation of Data Centers 

Consolidation also provides an opportunity to adopt the best forward-leaning practices not just 
in where and what IT investments are made, but also how we support these investments. In 
recognition of the need to modernize not just applications but how we support IT, and 
consistent with broader Federal efforts, GSA instituted a "cloud first” policy that prompts all 
application development initiatives to look first to the GSA cloud platforms available as 
technology solutions before evaluating legacy platforms with higher operational costs, In doing 
this, GSA has saved money not only in the areas of reduced infrastructure costs, but also 
through the reuse of previously developed functionality. This initiative in part has also allowed 
us to consolidate 1,700 legacy applications into fewer than 100 cloud-based applications 
between 2011 and 2013, GSA's use of cloud services has saved $15 million dollars^ over the 
past five years. GSA has also been aggressive in shutting down unneeded data centers as part 
of the Federal Data Center Consolidation Initiative. In Fiscal Year 2013, GSA shut down 37 data 
centers, meeting our goal, and we intend to shut down an additional 24 this fiscal year. 


' Savings resulting from use of cloud services, such as Salesforce Platform as a Service, and E-mail as a 
Service. 



49 


Agile Development 

The focus of our transition has not been limited to what we build, but also how we build. GSA IT 
has moved away from the world of waterfall application development methodologies that have 
historically led to higher costs and poor product quality, to an agile methodology which allows 
us to work better, faster, and leaner than we ever have before. Our move to an agile 
development shop has resulted in a significant increase in our ability to rapidly deploy and 
scale. As a result, beginning in 2013, GSA's development cycle time has been reduced to six to 
eight weeks from eight to twelve months. 

These IT reform initiatives have resulted in more efficient allocation of IT resources. In FY 2013, 
GSA spent $698 million in IT spending. In FY 2015, GSA requested $572 million, a reduction of 
nearly 18 percent. We have cut 45 Full Time Equivalent positions in the IT area and identified 
several duplicative systems in the regions and between various offices that are now being 
consolidated. In addition, GSA's strategic hiring plan is focused on obtaining IT skills through 
government hires to allow us to decrease the reliance on contractors in some areas. 

Consolidated IT governance helps GSA realize a high-performing IT environment as effectively 
and efficiently as possible. Enterprise IT governance will ensure GSA is investing in the right 
initiatives at the right time, allow greater oversight of key iT investments, and promote 
interoperability and transparency through the GSA enterprise. It also allows a level of 
transparency and accountability that will lead to continuous ongoing improvement. 

IT Acquisition Solutions - 

In addition to our efforts to better manage internal GSA IT investments and policies, we also 
offer acquisition solutions to agencies that deliver savings and enable them to focus more on 
core mission activities, 

GSA aggregates and leverages the Federal government's buying power to obtain a wide range 
of information technology and telecommunications products and services in support of agency 
missions across government through contract vehicles like Schedule 70 and Networx, Schedule 
70 is an indefinite delivery/indefinite quantity (IDIQ) multiple award schedule that provides 
direct access to products, services, and solutions from more than 5,000 certified industry 
partners. Networx provides cost-effective solutions for partner agencies' communications 
infrastructure and service needs. Through better pricing of these and other similar acquisitions, 
GSA helped agencies save more than $1 billion in Fiscal Year 2013, and will help them save an 
additional $1 billion in Fiscal Year 2014 on these acquisitions.^ 


Compared to commercial pricing for comparable sen/ices and terms and conditions 



50 


Additionally, GSA is currently developing the Prices Paid Portal, This proof of concept tool is 
intended to provide greater visibility into the prices paid by government agencies for commonly 
purchased goods and services. Currently, the system is being populated with initial data on 
simple commodities such as office supplies, with data on more complex items to follow. 
Allowing the federal acquisition community to see and analyze the cost of these good and 
services is intended to drive better pricing for all future federal procurements. Our hope is to 
replicate our purchasing experience as individuals where comparative market pricing 
information is widely available, such as many e-commerce, travel and secondary market 
portals. 


Innovative Technologies and Digital Services - 

GSA also looks for opportunities to help agencies adopt new technologies and take advantage 
of digital services that improve mission delivery, and enhance their interactions with the public. 
For example, the Federal Risk and Authorization Management Program (FedRAMP) is a 
government-wide program that accelerates adoption of cloud computing across government by 
providing a standardized approach to security assessment, authorization, and continuous 
monitoring for cloud products and services. This mandatory approach, which uses a "do once, 
use many times" framework, is saving cost, time, and staff required to conduct redundant 
agency security assessments. 

GSA helps to ensure that we have tools that allow the Government to access the ingenuity of 
the American people to help solve Government's challenges. GSA manages Challenge.gov, an 
award-winning platform to promote and conduct challenge and prize competitions 
government-wide. Challenge.gov seeks to involve more Americans in the work of government. 
Eighty contests were hosted in FY 2013, covering a wide range of technical and creative 
challenges. For instance, the Federal Trade Commission (FTC) hosted a robocall challenge, 
which asked innovators to create solutions to block illegal robocalls on landline or mobile 
phones. The FTC received nearly 800 entries and selected two winners in a tie for the best 
overall solution. One winning solution, Nomorobo, went to market on September 30, 2013, 
and has blocked nearly 1.3 million calls for consumers. 

GSA also is leading efforts to open government data to entrepreneurs and other innovators to 
fuel development of products and services that drive economic growth. GSA operates 
Data.gov, the flagship open government portal, which enables easy access to and use of more 
than 90,000 data collections from over 180 government agencies. By facilitating information 



51 


transparency and access, GSA allows anyone, whether an individual or a business, to take public 
information and apply it in new and useful ways. A snapshot of the power of open data can be 
seen on Data.gov/lmpact, which provides a list of companies leveraging open government data 
to power the economy. 

GSA is also committed to helping agencies through smarter delivery of IT projects. In 
collaboration with White House Office of Science and Technology Policy, GSA manages the 
Presidential Innovation Fellows (PIF) program. The PIF program recruits and sources some of 
our nation's brightest individuals to specific agencies and challenges them to implement 
solutions that save money and make the Federal government work better for the American 
people. The program is set up to deliver results in months, not years, and has already 
demonstrated its value through solutions like USAID's Better than Cash and VA's Blue Button. 

Building on this approach, and in coordination with the Digital Service at 0MB, GSA recently 
announced the creation of 18F— a digital delivery team within GSA that aims to make the 
government's digital and web services simple, effective, and easier to use for the American 
people. By using lessons from our Nation's top technology startups, these public service 
innovators are looking to provide support for our federal partners in delivering better digital 
services at reduced time and cost. 18F is structured to develop in an agile manner, building 
prototypes rapidly and putting them in the hands of users for feedback; measure success not in 
terms of completion of a system, but through customer use; build core capacity so that the 
government can build and deliver technology solutions; and scale what works iteratively. 

18F is already engaged in various initiatives to improve services GSA provides to our 
constituents. As an example, the 18F team helped develop a new, innovative tool called 
FBOpen (fbopen.gsa.gov) that allows small and innovative businesses to quickly access federal 
contracting and grant opportunities by using simple search queries. This open source search 
tool makes it easier for small businesses and less traditional federal contractors to better find 
and bid on government opportunities, while increasing competition and delivering a simpler 
way to find all of the opportunities the federal government makes available. By pairing 
innovative technologists with agency procurement experts and reaching out to small businesses 
to understand their needs, GSA was able to successfully test [and deploy] a viable product in 
less than six months. FBOpen is just one example of how use of smarter IT practices can 
shorten the time to value, whether work is performed by federal employees, contractors, or 
both. 



52 


Conclusion - 

GSA's internal IT reforms, acquisition solutions, and digital services are in keeping with our 
mission to deliver the best value in information technology solutions to government and the 
American people. GSA still has a lot of work ahead of us, and I appreciate the Committee's 
support of our reform efforts. 

I appreciate the opportunity to appear before you today and I am happy to answer any 
questions you have. Thank you. 



53 


EMBARGOED UNTIL DELIVERED 


EXECT nVE OFFICE OF THE rKESIDKM 
OFFICE OF MANAGEMENT AND Bl’DGEl' 

WASHINCiTON, D.C. 205(13 

May 8, 2014 

STATEMENT OF STEVEN VANROEKEL 
FEDERAL CHIEF INFORMATION OFFICER, 

ADMINISTRATOR FOR E-GOVERNMENT AND INFORMATION TECHNOLOGY, 
OFFICE OF MANAGEMENT AND BUDGET 

BEFORE THE COMMITTEE ON HOMELAND SECURITY AND 
GOVERNMENT AFFAIRS 
UNITED STATES SENATE 

Chairman Carper, Dr. Coburn, and Members of the Committee, thank you for the 
opportunity to testify before you about the best practices and factors for successful acquisition of 
information technology (IT) investments. 

During my 20 years in the private sector, I woke up every day focused on improving and 
expanding core services and customer value while also cutting costs. I brought this focus with 
me to the Federal Government. When I joined the Administration in 2009. and the Office of 
Management and Budget (0MB) in 201 1. I found willing partners in this mission and have spent 
the past 3 years at 0MB focused on driving innovation to meet customer needs, maximizing our 
return on investments in Federal information technology, and establishing a trusted foundation 
for securing and protecting our information systems. 


Focus on Efficiency 

Constantly improving the state of Federal technology is a priority for this Administration, 
and is a mission that 0MB takes seriously. In these times of Hscal constraint, this means we 
must drive innovation while controlling spending — by maximizing effectiveness and efficiency 
in everything we do. The Administration's first term efforts largely focused on establishing 
mechanisms to stop out of control IT spending, promoting new technologies such as cloud 
computing and mobile, opening up Federal Government data for private sector use, enhancing 
cyber capabilities, and deploying Federal technology as a tool to increase efficiency to allow 
government to do more with less. 

In the decade prior to this Administration, the Federal IT Budget increased at the 
Compound Annual Growth Rate of 7.1 percent. If spending increased at the same rate during 
this Administration, our current IT budget request would total ,tl 17 billion. How'ever, through 
PortfolioStat data-driven accountability sessions, and with the help of this Committee, Federal 
agencies enhanced analytical approaches to more effectively manage Federal IT portfolios and 
improve IT cost oversight. The Office of E-Government established a rigorous, continuous 
process for agencies to drive and measure information technology savings through the 
consolidation of duplicative services and other tactics to fund investment in innovation. 



54 


EMBARGOED UNTIL DELIVERED 


The result is over $2.5 billion of identified cost savings and $ 1 .9 billion of realized 
savings through the PortfolioStat process and a consolidation of commodity IT. During this 
Administration, we flat-lined Federal IT spending, driving efficiencies and fueling innovation 
across the Federal technology portfolio, through initiatives like data center consolidation, cloud 
computing and the Administration's Digital Government strategy, all the while working to keep 
Federal data safe and secure. Through these efforts and others. Federal agencies began to seize 
upon productivity gains seen in the private sector and apply technology to improve efficiency of 
our Government. 


Focus on Effectiveness 


One of the pillars of the President’s Management Agenda is a focus on increasing 
effectiveness - finding ways to deliver world class customer service to citizens and businesses. 
Our efforts underway on Smarter IT delivery are a key part of this work. With our actions to 
drive efficiency across IT portfolios firmly underway, we are increasing these efforts to deliver 
smartcr, more effective applications of technology to improve the delivery of Federal services, 
information, and benefits. In doing so, we are applying the same rigor and data-driven analytical 
capabilities we used to drive efficiency across Federal IT to ensure agencies use IT effectively to 
deliver on their core missions. 

To deliver citizens the services they expect from their Government, we must shift the 
focus of Federal Government IT project.s from compliance and process to meeting user need.s, 

We must be intensely user-centered and agile, involve top talent from the private sector in 
Government IT projects, and ensure agency leadership is actively engaged and accountable to the 
public for the success of the digital services of their agency. To support this effort, the 
Administration's Smarter IT Delivery Agenda seeks to improve the value we deliver to citizens 
through Federal IT, and the speed and cost-cffectiveness with which it is delivered. 

The work of the Smarter IT Delivery Agenda builds upon the progress of reshaping the 
delivery of information technology already underway, as well as introduces new approaches and 
tools to transform the Government IT landscape. To do this, we are focused on a three-part 
Agenda focused on ensuring the Federal Government has: (I ) the best talent w'orking inside 
Government; (2) the be,st companies working with Government: and, (3) the best processes in 
place to make sure everyone involved can do their best work and be held accountable for 
delivering excellent results for our customers, the American people, 

I'he Smarter IT Delivery Agenda aims to increase customer satisfaction with top 
Government digital services; decrease the percentage of Federal Government IT projects that are 
delayed or over-budget; and increase the speed with which we hire and deploy qualified talent to 
work on Government IT projects. 

There are several key projects already underway, and we will undertake additional 
projects in the coming months as the agenda continues to evolve. 



55 


EMBARGOED UNTIE DELIVERED 


Focus Area 1: Get the Right Talent Working Inside Government 

IT excellence starts with having the best people executing IT in Government. While 
there are many talented IT professionals across Government, if is clear that we need to broaden 
and deepen this talent pool to meet present and future needs. 

We must also work to solve the current challenges facing Government when it comes to 
quickly hiring qualified technical talent. IT is already one of the most competitive job markets in 
our economy, but Government hiring processes make competing for that talent even more 
challenging. Today, the average hiring cycle for IT speciali,st in the Federal Government is over 
100 days. The norm for leading private sector companies is 7-14 days. Given the competitive 
markets for technical talent. Government is often unable to acquire top candidates given the 
current hiring process. 


The Digital Service 


To accelerate the pace of change, we are standing up a Digital Service — a centralized, 
world-class capability that is part of the Federal CIO Team made up of our country's brightest 
digital talent, which we will pilot with existing funds in 2014, and scale in 2015 according to the 
President's FYl 5 budget. The team will be charged with removing barriers to exceptional 
Government service delivery and remaking the digital experiences that citizens and businesses 
have with their Government. 

Through a modest team of people housed within the E-Government office at 0MB, the 
Digital Service will establish standards to bring the Government’s digital services in line with the 
best private sector service experiences, define common platforms for re-use that will provide a 
consistent user experience, collaborate with agencies to identify gaps in their delivery capacity to 
design, develop, and deploy excellent citizen-facing services, and provide oversight and 
accountability to ensure we see results. The Digital Service is a close partnership with the 18F 
delivery team at U.S, General Services Administration (GSA), and w'iil work side-by-side with 
agcncic.s to ensure they have the resources and talent needed to deliver great .services on time, on 
spec, on budget, and with optimal u.ser-functionality. 

Flexible Hirim A uth ority Options for IT Talenl 

Building on the success of the Presidential Innovation Fellow s program — a program that 
is delivering low-cost, innovative solutions like RFP-EZ, advancing open data initiatives at 
agencies and more — the Administration is pursuing flexible hiring authority options for IT talent, 
reducing barriers to the hiring of key digital experts in government. The program is being 
developed in partnership with the Office of Personnel Management, and would be phased in with 
agencies such as GSA. 



56 


EMBARGOED UNTIL DELIVERED 


Focus Area 2; Get the Best Companies Working with Government 

The Administration is also taking steps to reduce barriers and burdens in Federal 
procurement and increase the ability for innovative and non-tradifional companies to work with 
the Federal Government with FBOpen — a new platform that allows easier access to Federal 
opportunities. In addition, 0MB recently worked with GSA and procurement experts across 
Government on an open dialogue' to reduce barriers and burdens in Federal procurement. 

Open Dialoeiie 

fhc open dialogue was a joint effort between the Chief Acquisition Officers Council, 
OMB, GSA, and the Chief Information Officers Council to engage all stakeholders in the 
acquisition community to better understand the opportunities and challenges they face when 
doing business with the Federal Government, The focus of the dialogue was to generate solutions 
in three areas: streamlining reporting and compliance requirements, identifying industry best 
practices, and increasing participation by qualified non-traditional Government contractors. We 
anticipate that we will have recommendations for actions emerging from this work, and are eager 
to work w ith Congress on developing a wholc-of-government approach to improving Federal 
acquisitions. 


Focus Area 3: Put the Right Processes and Practices in Place to Drive Outcomes and 
Accountability 


Complicated Federal IT projects often face similar challenges; (1) they lack visibility 
and real-time communication among the technical or IT staff, the mission or business owner, and 
the executive team; (2) they use the outdated waterfall approach to technology development, 
which includes long lead requirements setting rather than the agile approaches — where products 
are developed in rapid, iterative cycles — that have made the consumer Internet so successful; and 
(3) there is re.sponsibility and accountability regarding compliance issues, but not enough end-to- 
end responsibility for the project actually working for its intended users at targeted inve.stment 
levels. Taken together, these qualities can result in sub-optimal outcomes and high costs. 

To address these issues, the Administration will focus its efforts on driving accountability 
for customer service, mission results and cost; sharing best practices; and guiding agencies and 
contractors in delivering great digital services. 

"Tech FAR" Guide 


The Administration will develop a compilation of the 2U' Century, agile aspects of the 
Federal Acquisition Regulation (FAR) that will guide agencies in soliciting services in new 
ways — ways that more closely match techniques used by the private sector — such as using 
challenges and crowdsourcing approaches to involve citizens, writing requirements that allow for 
more flexible execution, or a pay-for-service model. In particular, the guide will include FAR- 


' http:/'www.gpo,gov/fdsys/pkg/FR-2014-04-23/pdf/2014-09l29.pdf 



57 


EMBARGOED UNTIL DELIVERED 


allowed processes used by agencies that have successfully implemented IT projects, many of 
w'hich are currently underutilized. 


"DivUal Service Plavbook " 


The Administration will develop a "Digital Service Playbook” to share best practices for 
effective IT service delivery in Government. This playbook will build on successes both within 
and outside Government and will guide both technical and business owners within agencies. It 
will include best practices for building modern solutions across the implementation of the 
technology, how to measure customer input and manage customer expectations, and how to 
share solutions across Government. 

Port folioStat 2014 

This .spring, the Administration is implementing PortfolioStat 2014, the third year of this 
successful program. PortfolioStat 2014 will not only continue the rigorous data-driven focus on 
finding effciencies in agencies that has resulted in $1 .9 billion in savings since 2012, but also 
adds a new focus on accountability around service delivery to ensure agencies are accountable 
for delivering on their highest impact IT investments. As I have testified previously, the 
PortfolioStat process brings together technology experts with the agency’s senior accountable 
officials and Deputy Secretary to evaluate agency performance against measured outcomes and 
increase accountability and responsibility within agencies. 


The Information Technology Oversi2ht and Reform Fund & Enhanced Cyber Security 

An important part of successful acquisition of IT investments is providing proper 
oversight. The FY 20 1 5 Budget specifically requests $20 million for the Information 
Technology Oversight and Reform (iTOR) fund. This fund, previously known as the Integrated, 
Efficient, and Effective Uses of Information Technology (lEEUIT), will use data, analytics and 
digital services to improve the efficiency, effectiveness and security of Government operations 
and programs. 

However, before discussing the Administration’s FY 2015 request for the Information 
Technology Oversight and Reform (ITOR) fund and Office of E-Government, I want to raise 
OMB’s overall FY 201 5 budget request. The President’s FY 2015 Budget for 0MB requests 
$93.5 million and 480 full-time equivalents to address growing workloads while making targeted 
investments to enable 0MB to more effectively oversee program management and funding 
across more than 100 agencies and departments throughout the Federal Government. This is a 
critical investment w ith large returns in the form of improved program management, budgetary 
savings, and smarter regulations -- some of the many critical outcomes that the Administration, 
Congress, and the American people look to 0MB to help ensure. 


The requc.sted ITOR funding will allow 0MB to continue to play a central role in 
supporting the development and execution of a wide range of crucial programs and policies and 
managing critical Government functions. Today more than ever, 0MB has a central role to play 



58 


EMtJARGOED UNTIL DELIVERED 


in our efforts to move our economy forward by creating jobs, growing the economy, and 
promoting opportunity for all. 

With the funding requested for FY 2015, 0MB would continue the work of PortfolioStat 
and enhance cybersecurity capabilities that w'ill ensure we can protect our country's national 
digital assets. The additional funding represented in ITOR will enable 0MB to better leverage 
analytics and industry expertise to conduct targeted, risk-based oversight reviews of agencies’ 
cybersecurity activities. The result of these efforts will inform future Federal information 
security policies, metrics, and Cro.ss Agency Priority (CAP) goals, and will ensure successful 
implementation of important policy work underway with continuous diagnostics, anti-phishing, 
and identity management initiatives. The FY 2015 ITOR request represents a modest 
investment in comparison to the total Federal IT spending of approximately $80 billion annually. 
Through the ITOR fund and the help of the Committee, we have delivered tangible results in 
Government technology efficiency. We look forward to delivering the same return on investment 
from these funds as we apply them to effectiveness of technology in FY 2015. 

Conclu.sion 


In conclusion, it is apparent that in today’s world we can no longer separate the 
effectiveness of our Federal programs from the smart use of IT. By increasing emphasis on 
cu,stomer needs and making it faster and easier for individuals and businesses to complete 
tran.sactions with the Government — online or offline — we can deliver the worid-class services 
that citizens expect. To do this it is imperative that we get the best talent working inside 
Government, the best companies working with Government, and the best processes in place to 
deliver results for our customers, the American people. 

Mr, Chairman and Members of the Committee, thank you for holding this hearing and 
inviting me to speak today. 1 appreciate this Committee's interest and ongoing support and I am 
excited to continue working with the Committee on our shared goal of improving the efficiency 
and effectiveness of our Government. I would be pleased to answer any questions you may have 
at this time. 



59 


GAO 


United States Government Accountability Office 

Testimony 

Before the Committee on Homeland 
Security and Governmental Affairs, 
U.S. Senate 


INFORMATION 

Thursday May 8, 2014 I I Nl V-/l\IVir^l I V-/ I M 

TECHNOLOGY 

Implementing Best 
Practices and Reform 
Initiatives Can Help 
Improve the Management 
of Investments 


statement of David A, Powner, Director 
Information Technology Management Issues 


GAO-1 4-596T 



60 


GAO 

Highlig hts 


"lig'v o! •••• 


: a tesWony : : > 
I'lameiand Sacurify' 

'.■!;Si,'Sehate-;'-'';, 1.:, 


Why GAO Did This Study 

The federal goverrjrnent, reportedly 
p; 2 f>s 10 spend at least S82 billion ort^^§- 
in fiscal year 2014. Givon^the scale 
such planned outlays and the critical^ 
of many of these systems to the he^^|| 
economy, and security of the tiation^^- 
is irnpoilant that 0MB and federal 
agencies provide appropriate bversi^l 
eind transparency into these prograr^^^^''- 
and avoid duplicative investments, , 
whenever possible, to ensure the n 
efficient use of resources. 

GAO has previously reported s 

testified that federal IT projects t 

frequently fail and incur cost overftfrtdr 
and schedule slippages while 
contributingTittle id; rhission-reUr. .*d 
outcorn'eS.: Numerous best practiQe^iiif 
and adthlrjislratlo.nrihitiatives are 
avaitabidfopagencie!' tii n f-ni fi- Y iss 
theiti impyaye theoVersight and ■ ' ^ 

managertterit-Qf jT'ac'.!:.iis‘ii'.'>ri>; 

GAOts testifying.today on (he results 
and reoQmmehdatlar - 4ed 
reports that focused on how best - 
practi.ces,af»d.JT reform initiatives ^ 
help: federal agencies befte’' manas^ 
major-' acquisltions'-and legacv 
investments.- s-. 

What GAO Recommends 


GAO has previously i lade r 
'ecommendations to Oh© and federsri 
agencies^.on key aspects o( IT 
managemept.lncludingthe ff 
Dashboard and efforts to consoltd^e . 
federal data centers A ■* ts : . 

-■eport being released today. GAO also 
recommended that agencies take 
actions to improve thelf ir 
development approaches 


r-^-a'IDov'c) = 

j:-o>-.'’crd@gio fiOV 


INFORMATION TECHNOLOGY 

Implementing Best Practices and Reform Initiatives 
Can Help Improve the Management of Investments 


What GAO Found 

GAO recently reported on nine critical factors underlying successful major 
information technology (IT) acquisitions. Factors cited included (1) program 
officials were actively engaged with stakeholders and (2) prioritized 
requirements. 

One key IT reform initiative undertaken by the Office of Management and Budget 
(0MB) is the IT Dashboard, which provides information, including ratings of risk, 
on 760 major investments at 27 federal agencies. As of April 201 4, according to 
the Dashboard. 559 investments were low or moderately low risk, 159 were 
medium nsk, and 42 were moderately high or high risk. 

GAO has issued a series of reports on Dashboard accuracy and. in 201 1 , found 
that, while there were issues with the accuracy and reliability of cost and 
schedule data, the accuracy of these data had improved over time. However, a 
recent GAO report found that agencies had removed major investments from the 
Dashboard, representing a troubling trend toward decreased transparency. GAO 
also reported that, as of December 2013, the public version of the Dashboard 
was not updated for 15 of the previous 24 months. GAO made recommendations 
to ensure that the Dashboard includes all major IT investments and increase its 
availability. Agencies generally agreed with the report or had no comments, 

An additional key reform initiated by 0MB emphasizes incremental development 
in order to reduce investment risk. In 2010 it called for agency investments to 
deliver functionality every 12 months and since 2012 has required investments to 
deliver functionality every 6 months. However, in its report released today, GAO 
found that almost three-quarters of investments reviewed did not plan to deliver 
capabilities every 6 months and less than half planned to deliver capabilities in 
12-monlh cycles. GAO recommended that 0MB develop and issue clearer 
guidance on incremental development and that selected agencies update and 
implement their associated policies. Most agencies agreed with GAO 
recommendations, while others disagreed or had no comment. GAO continues to 
believe that its recommendations are valid. 

in an effort to consolidate the number of federal data centers, OMB launched a 
consolidation initiative intended to close 40 percent of data centers by 2015, and 
in doing so. save $3 billion. GAO reported that agencies planned to close 1,055 
data centers by the end of fiscal year 2014, but also highlighted the need for 
continued oversight. Among other things, GAO recommended that OMB improve 
the execution of important oversight responsibilities, with which OMB agreed. 

To better manage the government’s existing IT systems, OMB launched the 
PortfolioStal initiative, which, among other things, requires agencies to conduct 
annual reviews of their IT investments and make decisions on eliminating 
duplication. GAO reported that agencies continued to identify duplicative 
spending as part of PortfolioStal and that this initiative has the potential to save 
at least $5.8 billion by fiscal year 2015, but that weaknesses existed in agencies’ 
implementation of the initiative’s requirements. Among other things, GAO made 
several recommendations to improve agencies’ implementation of PortfolioStal 
requirements. OMB partially agreed with these recommendations, and most of 
the other 20 agencies agreed to implement them. 

United States Government Accountability Office 


61 


Chairman Carper, Ranking Member Coburn, and Members of the 
Committee; 

! am pleased to be here today to discuss how best practices and major 
information technology (IT) reform initiatives can help the federal 
government better acquire and manage IT investments. As reported to 
the Office of Management and Budget (OMB), federal agencies plan to 
spend at least $82 billion on IT in fiscal year 2014, Given the scale of 
such planned outlays and the criticality of many of these systems to the 
health, economy, and security of the nation, it is important that OMB and 
federal agencies provide appropriate oversight and transparency into 
these programs and avoid duplicative investments, whenever possible, to 
ensure the most efficient use of resources. 

However, as we have previously reported and testified, federal IT projects 
too frequently fail and incur cost overruns and schedule slippages while 
contributing little to mission-related outcomes.'' During the past several 
years, we have issued multiple reports and testimonies on best practices 
for major acquisitions and federal initiatives to acquire and improve the 
management of IT investments.^ in those reports, we made numerous 


’See, for example, GAO, Information Technology: OMB and Agencies Need to More 
Effectively Implement Major Initiatives to Save Billions of Dollars, GAO-13-796T 
(Washington, O.C.: July 25, 2013); Secure Border Initiative: DHS Needs to Reconsider Its 
Proposed Investment in Key Technology Program. GAO-10-340 {Washington, D.C,: May 

5, 2010); and Polar-Orbiting Environmental Satellites: With Costs Increasing and Data 
Continuity at Risk, Improvements Needed in Tri-agency Decision Making. GAO-09-564 
(Washington, O.C.: June 17, 2009). 

^See, for example, GAO, Information Technology: Leveraging Best Practices to Help 
Ensure Successful Major Acquisitions. GAO-14-183T (Washington, D.C.: Nov, 13, 2013); 
Information Technology: Additional Executive Review Sessions Needed to Address 
Troubled Projects. GAO-13-524 (Washington, D.C,: June 13, 2013); Data Center 
Consolidation: Strengthened Oversight Needed to Achieve Billions of Dollars in Savings. 
GAO-13-627T (Washington. D C,. May 14. 2013); Data Center Consolidation: 
Strengthened Oversight Needed to Achieve Cost Savings Goal, GAO- 13-378 
(Washington, D.C.: Apr. 23. 2013); Information Technology Dashboard: Opportunities 
Exist to Improve Transparency and Oversight of Investment Risk at Select Agencies, 
GAO--13-98 (Washington, D.C.; Oct, 16, 2012); Data Center Consolidation: Agencies 
Making Progress on Efforts, but Inventories and Plans Need to Be Completed. 

6. AO-12-742 (Washington. D.C,: Juty 19, 2012); Information Technology: Critical Factors 
Underlying Successful Major Acquisitions. GAO- 12-7 (Washington, DC.; Oct. 21, 2011); 
Information Technology: Continued Attention Needed to Accurately Report Federal 
Spending and Improve Management. GAO-11-831T (Washington, D C.: July 14, 2011); 
and Information Technology: Investment Oversight and Management Have Improved but 
Continued Attention Is Needed, GAO-1 1-454T (Washington, D.C.; Mar. 17, 2011). 


Page 1 


GAO-14-596T 



62 


recommendations to federal agencies and 0MB to further enhance the 
management and oversight of IT programs. 

As discussed with committee staff, I am testifying today on the results and 
recommendations from our selected reports on how best practices and IT 
reform initiatives can help federal agencies better manage major 
acquisitions and legacy investments. This includes summarizing our 
report being released today on agencies’ use of incremental development 
approaches.^ All work on which this testimony is based was performed in 
accordance with generally accepted government auditing standards or all 
sections of GAO’s Quality Assurance Framework that were relevant to 
our objectives. Those standards and the framework require that we plan 
and perform our audits and engagements to obtain sufficient, appropriate 
evidence to provide a reasonable basis for our findings and conclusions 
based on our audit objectives; the framework also requires that we 
discuss any limitations in our work. We believe that the information, data, 
and evidence obtained and the analysis conducted provide a reasonable 
basis for our findings and conclusions based on our objectives. A more 
detailed discussion of the objectives, scope, and methodology of this 
work is included in each of the reports on which this testimony is based/ 


Background 


Information technology should enable government to better serve the 
American people. However, despite spending hundreds of billions on IT 
since 2000, the federal government has experienced failed IT projects 


^QAO. Information Technology: Agencies Need to Establish and Implement Incremental 
Development Policies, GAO-14-361 (Washington, D.C.; May 1, 2014), 

‘‘GAO-14 -361 ; GAO, Information Technology: Additional 0MB and Agency Actions are 
Needed to Achieve Portfolio Savings, GAO-14-65 (Washington, D.C.: Nov. 6, 2013); IT 
Dashboard: Agencies are Managing Investment Risk, but Related Ratings Need to Be 
More Accurate and Available. GAO-14-64 (Washington, D.C.: Dec. 12, 2014); 

GAO-13- 524: GAO-13-378; GAO-13-98; GAO-12-742; Information Technology Reform: 
Progress Made; More Needs to Be Done to Complete Actions and Measure Results, 
GAO-12-461 (VVashington, D.C.; Apr. 26. 2012); IT Dashboard: Accuracy Has Improved, 
and Additional Efforts Are Under Way to Better Inform Decision Making, GAO-1 2-210 
(Washington, D.C.: Nov, 7. 2011); GAO-12-7; Data Center Consolidation: Agencies Need 
to Complete Inventories and Plans to Achieve Expected Savings. GAO-l 1 -565 
(Washington, D.C.: Jui. 19. 2011); Information Technology: 0MB Has Made 
Improvements to Its Dashboard, but Further Work Is Needed by Agencies and 0MB !o 
Ensure Data Accuracy. GAO-1 1-262 (Washington, D C.: Mar, 15, 2011); and Information 
Technology: OMB's Dashboard has Increased Transparency and Oversight, but 
Improvements Needed. GAO-10-701 (Washington, D C.: July 16, 2010). 


Page 2 


GAO-1 4-596T 



63 


and has achieved little of the productivity improvements that private 
industry has realized from IT. Too often, federal IT projects run over 
budget, behind schedule, or fail to deliver results. In combating this 
problem, proper oversight is critical. 

Both 0MB and federal agencies have key roles and responsibilities for 
overseeing IT investment management, and 0MB is responsible for 
working with agencies to ensure investments are appropriately planned 
and justified. However, as we have described in numerous reports,^ 
although a variety of best practices exist to guide their successful 
acquisition, federal IT projects too frequently incur cost overruns and 
schedule slippages while contributing little to mission-related outcomes. 

Agencies have reported that poor-performing projects have often used a 
“big bang" approach — that is, projects that are broadly scoped and aim to 
deliver capability several years after initiation. For example, in 2009 the 
Defense Science Board reported that the Department of Defense’s 
(Defense) acquisition process for IT systems was too long, ineffective, 
and did not accommodate the rapid evolution of IT.® The board reported 
that the average time to deliver an initial program capability for a major IT 
system acquisition at Defense was over 7 years. 

Each year, 0MB and federal agencies work together to determine how 
much the government plans to spend on IT projects and how these funds 
are to be allocated. As reported to 0MB, federal agencies plan to spend 
more than $82 billion on IT investments in fiscal year 2014, which is the 
total expended for not only acquiring such investments, but also the 
funding to operate and maintain them. Of the reported amount, 27 federal 


®See. for example. GAO, F£MA: Action Needed to Improve Administration of the National 
Flood Insurance Program. GAO'11-297 (Washington, D.C.: June 9, 2011); GAO-10-340; 
Secure Border Initiative: DHS Needs to Address Testing and Performance Limitations 
That Place Key Technology Program at Risk. GAO-10-158 (Washington, D.C.; Jan, 29, 
2010); and GAO-09-564. 

^Defense Science Board, Report of the Defense Science Board Task Force on 
Department of Defense Policies and Procedures for the Acquisition of information 
Technology Washington, D.C.; March 2009). 


Page 3 


GAO-14-596T 



64 


agencies^ plan to spend about $75 billion: $17 billion on development and 
acquisition and $58 billion on operations and maintenance (O&M).® Figure 
1 shows the percentages of total planned spending for 2014 for the $75 
billion spent on development and O&M. 


Figure 1 : Percentages of Planned tT Spending for Fiscal Year 201 4 



Source: GAO analysis of cue data. 


$17.2 billion 

Development 


$57.9 billion 

Operations and maintenance 


However, this $75 billion does not reflect the spending of the entire 
federal government. We have previously reported that OMB’s figure 
understates the total amount spent in IT investments.® Specifically, it does 
not include IT investments by 58 independent executive branch agencies, 
including the Central Intelligence Agency or by the legislative or judicial 
branches. Further, agencies differed on what they considered an IT 


^The 27 agencies are the Departments of Agriculture, Commerce, Defense. Education, 
Energy, Health and Human Services, Homeland Security, Housing and Urban 
Development. Interior. Justice, Labor, Stale, Transportation, the Treasury, and Veterans 
Affairs; U.S Army Corps of Engineers, Environmental Protection Agency, General 
Services Administration. National Aeronautics and Space Administration, National 
Archives and Records Administration, National Science Foundation, Nuclear Regulatory 
Commission, Office of Personnel Management, Small Business Administration, 
Smithsonian Institution, Social Security Administration, and U.S, Agency for International 
Development 

®According to the analytical perspectives associated with the President’s fiscal year 2014 
budget, the remainder is comprised of classified Defense IT investments. 

®GAO. Infomation Technology: 0MB Needs to Improve Its Guidance on IT Investments, 
GAO-1 1-826 (Washington, D.C.; Sept 29. 2011). 


Page 4 


GAO-14-596T 



65 


investment; for example, some have considered research and 
development systems as IT investments, while others have not. As a 
result, not all IT investments are included in the federal government’s 
estimate of annual IT spending. OMB provided guidance to agencies on 
how to report on their IT investments, but this guidance did not ensure 
complete reporting or facilitate the identification of duplicative 
investments. Consequently, we recommended, among other things, that 
0MB improve its guidance to agencies on identifying and categorizing IT 
investments. 

Further, over the past several years, we have reported that overlap and 
fragmentation among government programs or activities could be 
harbingers of unnecessary duplication.’® Thus, the reduction or 
elimination of duplication, overlap, or fragmentation could potentially save 
billions of tax dollars annually and help agencies provide more efficient 
and effective services. 


OMB Has Launched Major OMB has implemented a series of initiatives to improve the oversight of 
Initiatives for Overseeing underperforming investments, more effectively manage IT, and address 

Investments duplicative investments. These efforts include the following: 

• IT Dashboard. Given the importance of transparency, oversight, and 
management of the government’s IT investments, in June 2009, OMB 
established a public website, referred to as the IT Dashboard, that 
provides detailed information on 760 major IT investments at 27 
federal agencies, including ratings of their performance against cost 
and schedule targets. The public dissemination of this information is 
intended to allow OMB; other oversight bodies, including Congress; 
and the general public to hold agencies accountable for results and 
performance. Among other things, agencies are to submit Chief 
Information Officer (CIO) ratings, which, according to OMB’s 
instructions, should reflect the level of risk facing an investment on a 
scale from 1 (high risk) to 5 (low risk) relative to that investment’s 


’°GAO, 2013 Annual Report: Actions Needed to Reduce Fragmentation, Overlap, and 
Duplication and Achieve Other Financial Benefits, GAO'13-279SP (Washington, D.C.; 
Apr. 9. 2013); 2012 Annual Report: Opportunities to Reduce Duplication. Overlap and 
Fragmentation. Achieve Savings, and Enhance Revenue, GAO-12-342SP (Washington, 
D.C.; Feb. 28. 2012); and Opportunities to Reduce Potential Duplication in Government 
Programs. Save Tax Dollars, and Enhance Revenue, GAO- 11 -3185? (Washington, D.C,: 
Mar. 1,2011). 


Page 5 


GAO-14-596T 



66 


ability to accomplish its goals. Ultimately, CIO ratings are assigned 
colors for presentation on the Dashboard, according to the five-point 
rating scale, as illustrated in table 1 . 


Table 1 : IT Dashboard CIO Rating Colors, 
Ratings 

Based on a Five-Point Scale for CIO 

Rating (by agency CIO) 

Color 

1-High risk 

Red 

2-Moderateiy high risk 

Red 

3-Mediiim risk 

Yellow 

4-Moderateiy low risk 

Green 

5-Low risk 

Green 


Soiifc® OMB'S iT DasWoa'ti 


As of April 2014, according to the IT Dashboard, 201 of the federal 
government’s 760 major IT investments — ^totaling $12.4 billion — were 
in need of management attention (rated “yellow” to indicate the need 
for attention or “red" to indicate significant concerns). (See fig. 2.) 



I Normal 
I Neecis attention 
j Significant concerns 


Source: OMBs IT Dashboard. 


GAO-14-596T 





67 


• TechStat reviews. In January 2010, the Federal CIO began leading 
TechStat sessions — face-to-face meetings to terminate or turnaround 
IT investments that are failing or are not producing results. These 
meetings involve 0MB and agency leadership and are intended to 
increase accountability and transparency and improve performance. 
Subsequently, OMB empowered agency CIOs to hold their own 
TechStat sessions within their respective agencies. According to the 
former Federal CIO, the efforts of OMB and federal agencies to 
improve management and oversight of IT investments have resulted 
in almost $4 billion in savings. 

• Federal Data Center Consolidation Initiative. Concerned about the 
growing number of federal data centers, in February 201 0 the Federal 
CIO established the Federal Data Center Consolidation initiative. This 
Initiative’s four high-level goals are to promote the use of “green 

by reducing the overall energy and real estate footprint of government 
data centers; reduce the cost of data center hardware, software, and 
operations: increase the overall IT security posture of the government; 
and shift IT investments to more efficient computing platforms and 
technologies. OMB believes that this initiative has the potential to 
provide about $3 billion In savings by the end of 2015. 

• IT Reform Plan. In December 2010, OMB released its 25-point plan to 
reform federal IT,’^ This document established an ambitious plan for 
achieving operational efficiencies and effectively managing large- 
scale IT programs. In particular, as part of an effort to reduce the risk 
associated with IT acquisitions, the plan calls for federal IT programs 
to deploy capabilities or functionality in release cycles no longer than 
12 months, and ideally, less than 6 months. The plan also identifies 
key actions that can help agencies implement this incremental 
development guidance, such as working with Congress to develop IT 
budget models that align with incremental development and issuing 
contracting guidance and templates to support incremental 
development- 


^“Green IT” refers to environmentally sound computing practices that can include a 
variety of efforts, such as using energy efficient data centers, purchasing computers that 
meet certain environmental standards, and recycling obsolete electronics. 

25 Point Implementation Plan to Reform Federal Information Technology 
Management (Washington. D.C.: Dec 9, 2010). 


Page 7 


GAO-14-596T 



68 


• PortfoUoStat In order to eliminate duplication, move to shared 
services, and improve portfolio management processes, in March 
2012, OMB launched the PortfolioStat initiative. Specifically, 
PortfolioStat requires agencies to conduct an annua! agency-wide IT 
portfolio review to, among other things, reduce commodity 
spending and demonstrate how their IT investments align with the 
agency’s mission and business functions.^'* PortfolioStat is designed 
to assist agencies in assessing the current maturity of their IT 
investment management process, making decisions on eliminating 
duplicative investments, and moving to shared solutions in order to 
maximize the return on IT investments across the portfolio. OMB 
believes that the PortfolioStat effort has the potential to save the 
government $2.5 billion over the next 3 years by, for example, 
consolidating duplicative systems. 


Opportunities Exist to 
improve Acquisition 
and Management of 
IT Investments 


Given the magnitude of the federal government’s annual IT budget, which 
is expected to be more than $82 billion in fiscal year 2014, it is important 
that agencies leverage all available opportunities to ensure that their IT 
investments are acquired in the most effective manner possible. To do so, 
agencies can rely on IT acquisition best practices, incremental 
development, and initiatives such as OMB’s IT Dashboard and 0MB- 
mandated TechStat sessions. Additionally, agencies can save billions of 
dollars by continuing to consolidate federal data centers and by 
eliminating duplicative investments through OMB’s PortfolioStat initiative, 


Best Practices Are Intended to Help Ensure Successful Major 
Acquisitions 


In 2011, we identified seven successful acquisitions and nine common 
factors critical to their success and noted that (1) the factors support 
OMB's objective of improving the management of large-scale IT 
acquisitions across the federal government and (2) wide dissemination of 


’^According to OMB. commodity IT includes services, such as enterprise IT systems (e- 
maif; identity and access management; IT security; web hosting, infrastructure, and 
content; and collaboration tools); IT infrastructure (desktop systems, mainframes and 
servers, mobile devices, and telecommunications); and business systems (financial 
management, grants-reiated federal financial assistance, grants-related transfer to state 
and local governments, and human resources management systems). 

’'“OMB, Implementing PortfolioStat Memorandum M-12-10 (Washington, D C.: Mar. 30, 
2012 ). 


GAO-1 4-596T 



69 


these factore could complement OMB’s effortsJ^ Specifically, we reported 
that federal agency officials identified seven successful acquisitions, in 
that they best achieved their respective cost, schedule, scope, and 
performance goals. Notably, aii of these were smaller increments, 
phases, or releases of larger projects. The common factors critical to the 
success of three or more of the seven acquisitions are generally 
consistent with those developed by private industry and are identified in 
table 2. 


Table 2: Common Critical Success Factors 


Program officials were acttveiy engaged with stakeholders. 

Program staff had the necessary knowledge and skills. 

Senior department and agency executives supported the programs. 

End users and stakeholders were involved in the development of requirements. 
End users participated in testing of system functionality prior to formal end user 
acceptance testing. 

Government and contractor staff were consistent and stable. 

Program staff prioritized requirements. 

Program officials maintained regular communication with the prime contractor. 
Programs received sufficient funding. 

Source GAO ens>ys)s of sgericy dale 

These critical factors support OMB’s objective of improving the 
management of large-scale IT acquisitions across the federal 
government; wide dissemination of these factors could complement 
OMB’s efforts. 


’®GAO-12-?, 

’®The seven investment were (1 ) Depaitrient of Commerce’s Decennial Response 
integration System. (2) Defense’s Defense Global Combat Support System-Joint 
(Increment 7), (3) Department of Energy's Manufacturing Operations Management 
Project, (4) Department of Homeland Security's Western Hemisphere Travel Initiative, (5) 
Department of Transportation's Integrated Terminal Weather System, (6) Internal 
Revenue Service’s Customer Account Data Engine 2, and (7) Veterans Affairs’ 
Occupational Healtti Record-keeping System, 


Page 9 


GA0-14-596T 




70 


IT Dashboard Can Improve the Transparency into and Oversight of 
Major IT Investments 

The IT Dashboard serves an important role in allowing 0MB and other 
oversight bodies to hold agencies accountable for results and 
performance. However, we have issued a series of reports highlighting 
deficiencies with the accuracy and reliability of the data reported on the 
Dashboard.''^ For example, we reported in October 20 1 2 that Defense 
had not rated any of its investments as either high or moderately high risk 
and that, in selected cases, these ratings did not appropriately reflect 
significant cost, schedule, and performance issues reported by GAO and 
others. We recommended that Defense ensure that its CIO ratings reflect 
available investment performance assessments and its risk management 
guidance. Defense concurred and has revised its process to address 
these concerns. 

Further, while we reported in 201 1 that the accuracy of Dashboard cost 
and schedule data had improved overtime,'’® more recently, in December 
2013 we found that agencies had removed investments from the 
Dashboard by reclassifying their investments — representing a troubling 
trend toward decreased transparency and accountability.’® Specifically, 
the Department of Energy reclassified several of its supercomputer 
investments from IT to facilities and the Department of Commerce 
decided to reclassify its satellite ground system investments. Additionally, 
as of December 2013, the public version of the Dashboard was not 
updated for 15 of the previous 24 months because 0MB does not revise it 
as the President’s budget request is being created. 

We also found that, while agencies experienced several Issues with 
reporting the risk of their investments, such as technical problems and 
delayed updates to the Dashboard, the CIO ratings were mostly or 
completely consistent with investment risk at seven of the eight selected 
agencies.^® Additionally, the agencies had already addressed several of 


’^GAO-14-64;GAO-13-98; GAO-12-210: GAO-11-252, and GAO-10-701, 
^®GAO-12-210. 

’®GAO-14-64. 

^®The eight agencies selected for the review were the Departments of Agriculture, 
Commerce, Energy. Justice, Transportation, the Treasury, and Veterans Affairs; and the 
Social Security Adminisi^tion, 


Page 10 


GAO-14-596T 



71 


the discrepancies that we identified. The final agency, the Department of 
Veterans Affairs (VA), did not update 7 of its 10 selected investments 
because it elected to build, rather than buy, the ability to automatically 
update the Dashboard and has now resumed updating all Investments. 

To their credit, agencies’ continued attention to reporting the risk of their 
major IT investments supports the Dashboard's goal of providing 
transparency and oversight of federal IT investments. 

Nevertheless, the rating issues that we identified with performance 
reporting and annual baselining, some of which are now corrected, 
serve to highlight the need for agencies’ continued attention to the 
timeliness and accuracy of submitted information in order to allow the 
Dashboard to continue to fulfill its stated purpose. We recommended that 
agencies appropriately categorize IT investments and that 0MB make 
Dashboard information available independent of the budget process. 
0MB neither agreed nor disagreed with these recommendations. Six 
agencies generally agreed with the report or had no comments and two 
others did not agree, believing their categorizations were appropriate. We 
continue to believe that our recommendations are valid. 

Agencies Need to Establish and Implement Incremental 
Development Policies to Better Achieve Cost, Schedule, and 
Performance Goals for IT Investments 

Incremental development can help agencies to effectively manage IT 
acquisitions and, as such, 0MB has recently placed a renewed emphasis 
on it. In particular, in 2010 0MB called for IT investments to deliver 
functionality every 12 months, and since 2012 has required investments 
to deliver functionality every 6 months. 

However, as discussed in our report being released today, most selected 
agencies have not effectively established and implemented incremental 
development approaches. Specifically, although ai! five agencies in our 
review — the Departments of Defense, Health and Human Services 
(HHS), Homeland Security (DHS). Transportation (Transportation), and 


times, a project’s cost, schedule, and performance goals— known as its baseline— are 
modified to reflect changed development circumstances. These changes— called a 
rebaseline— can be done for valid reasons, but can also be used to mask cost overruns 
and schedule delays. 

2^GA0-14-361. 


GA0-14-596T 



72 


VA — have established policies that address incremental development, the 
policies usually did not fully address three key components we identified 
for implementing OMB’s guidance. Table 3 provides an assessment of 
each agency’s policies against the three key components of an 
incremental development policy. 


Table 3: Assessment of Selected Agencies’ Incremental Development Policies 

Component 

Defense 

HHS 

DHS 

Transportation 

VA 

Require delivery of ftincfionality every 6 
months 

o 

o 

o 

O 

• 

Define functionality 

C 

o 

o 

O 

• 

Define a process for enforcing 
compliance 

C 

c 

o 

0 

• 


Key: 

•'FuHy met— the agency provided evidence that addressed (he component, 

€=Partialiy met— the agency provided evidence that addressed about half or a large portion of the 
component. 

0=Not met- the agency did not provide evidence that addressed the component or provided 
evidence that minimally addressed the componenl. 

Sourc* C3AO w^aiyss oi agency bocumemation. 

Among other things, agencies cited the following reasons that contributed 
to these weaknesses: (1) OMB’s guidance was not feasible because not 
all types of investments should deliver functionality in 6 months and (2) 
the guidance did not identify what agencies’ policies are to include or time 
frames for completion. We agreed that these concerns have merit. 

Additionally, the weaknesses In agency policies have enabled 
inconsistent implementation of incremental development approaches. 
Specifically, almost three-quarters of the selected investments we 
reviewed did not plan to deliver functionality every 6 months and less than 
half planned to deliver functionality in 12-month cycles. Table 4 shows 
how many of the selected investments at each agency planned on 
delivering functionality every 6 and 12 months during fiscal years 2013 
and 2014. 


Page 12 


GAO-14-S96T 





73 


Table 4: Number of Selected Investments Planning to Incrementally Deliver 
Functionality 

Agency 

Total number 
of selected 
investments 

Investments planning to 
deliver functionality every 
6 months 

investments planning 
to deliver 
functionality every 12 
months 

Defense 

37 

1 

11 

HHS 

14 

9 

11 

DHS 

12 

2 

6 

Transportation 

20 

5 

7 

VA 

6 

6 

6 

Totals 

69 

23 

41 


Source GAO analyas of agency 4o<umentabcn. 


Considering agencies' concerns about delivering functionality every 6 
months and given that so fevkr are planning to deliver functionality in that 
time frame, our report noted that delivering functionality every 12 months, 
consistent with OMB's IT Reform Plan, would be an appropriate starting 
point and a substantial improvement. Until 0MB issues realistic and clear 
guidance and agencies update their policies to reflect this guidance, 
agencies may not consistently adopt incremental development 
approaches, and IT expenditures will continue to produce disappointing 
results — Including sizable cost overruns and schedule slippages and 
questionable progress in meeting mission goals and outcomes. In the 
report being released today, we recommend that 0MB develop and issue 
realistic and clear guidance on incremental development, and that 
Defense, HHS. DHS, and Transportation update and implement their 
incremental development policies, once OMB’s guidance is made 
available. 0M8 stated that it agreed with our recommendation to update 
and issue incremental development guidance, but did not agree that its 
current guidance is not realistic. However, slightly more than one-fourth of 
selected investments planned to deliver functionality every 6 months — 
and less than one-half planned to do so every 12 months. Additionally, 
there are three types of investments for which it may not always be 
practical or necessary to expect functionality to be delivered in 6-month 
cycles. Thus, we continue to believe that delivering functionality every 6 
months is not an appropriate requirement for all agencies and that 
requiring the delivery of functionality every 12 months, consistent with 
OMB's IT Reform Plan, is a more appropriate starting point. We therefore 
maintain that 0MB should require projects associated with major IT 
investments to deliver functionality at least every 12 months. 


Page 13 


GA0-14-598T 





74 


Four agencies — Defense. HHS, DHS, VA — generally agreed with the 
report or had no comments and one agency — Transportation — did not 
agree that its recommendation should be dependent on 0MB first taking 
action. Specifically, the department explained that relying on another 
agency to concur with one of our recommendations before Transportation 
can take action leaves the department with the potential challenge of a 
recommendation that cannot be implemented. However, as previously 
stated. 0MB agrees with our recommendation to update and issue 
incremental guidance, meaning that 0MB has committed to taking the 
actions necessary to enable Transportation to begin addressing our 
recommendation. Accordingly, we continue to believe that our 
recommendations are warranted and can be implemented. 

TechStat Reviews Can Help Highlight and Evaluate Poorly 
Performing Investments 

TechStat reviews were initiated by 0MB to enable the federal government 
to turnaround, halt, or terminate IT projects that are failing or are not 
producing results. In 2013, we reported that 0MB and selected agencies 
had held multiple TechStats, but that additional 0MB oversight was 
needed to ensure that these meetings were having the appropriate impact 
on underperforming projects and that resulting cost savings were valid. 
Specifically, we determined that, as of April 2013, 0MB reported 
conducting 79 TechStats, which focused on 55 investments at 23 federal 
agencies. Further, 4 selected agencies — the Departments of Agriculture, 
Commerce, HHS, and DHS — conducted 37 TechStats covering 28 
investments. About 70 percent of the OMB-led and 76 percent of agency- 
ied TechStats on major investments were considered medium to high risk 
at the time of the TechStat. 

However, the number of at-risk TechStats held was relatively small 
compared to the current number of medium- and high-risk major IT 
investments. Specifically, the OMB-led TechStats represented roughly 
18.5 percent of the investments across the government that had a 
medium- or high-risk CIO rating. For the 4 selected agencies, the number 
of TechStats represented about 33 percent of the investments that have a 
medium- or high-risk CIO rating. We concluded that, until 0MB and 


2^GA0-13-524. 


Page 14 


GAO-1 4-596T 



75 


agencies develop plans to address these weaknesses, the investments 
would likely remain at risk. 

tn addition, we reported that 0MB and selected agencies had tracked and 
reported positive results from TechStats. with most resulting in improved 
governance. Agencies also reported projects with accelerated delivery, 
reduced scope, or termination. We also found that 0MB reported in 201 1 
that federal agencies achieved almost $4 billion in iife-cycie cost savings 
as a result of TechStat sessions. However, we were unable to validate 
OMB’s reported results because 0MB did not provide artifacts showing 
that it ensured the results were valid, Among other things, we 
recommended that OMB require agencies to report on how they validated 
the outcomes. OMB generally agreed with this recommendation. 

Continued Oversight Needed to Consolidate Federal Data Centers 
and Achieve Cost Savings 

In an effort to consolidate the growing number of federal data centers, in 
2010, OMB launched a consolidation initiative intended to close 40 
percent of government data centers by 2015, and, in doing so. save $3 
billion. Since 201 1 , we have issued a series of reports on the efforts of 
agencies to consolidate their data centers.^” For example, in July 201 1 
and July 2012, we reported that agencies had developed plans to 
consolidate data centers; however, these plans were incomplete and did 
not include best practices.^® In addition, although we reported that 
agencies had made progress on their data center closures, OMB had not 
determined initiative-wide cost savings, and oversight of the initiative was 
not being performed in all key areas. Among other things, we 
recommended that OMB track and report on key performance measures, 
such as cost savings to date, and improve the execution of important 
oversight responsibilities. We also recommended that agencies complete 
inventories and plans. OMB agreed with these two recommendations, 
and most agencies agreed with our recommendations to them. 

Additionally, as part of ongoing follow-up work, we have determined that 
while agencies had closed data centers, the number of federal data 
centers was significantly higher than previously estimated by OMB. 


GAO-12-742i and GAO-11-565, 
2®GA0-12-742 and GAO-1 1-565. 


Page 15 


GA0-14-596T 



76 


Specifically, as of May 2013, agencies had reported closing 484 data 
centers by the end of April 2013 and were planning to close an additional 
571 data centers — for a total of 1 ,055 — by September 2014, However, as 
of July 2013, 22 of the 24 agencies participating in the initiative had 
collectively reported 6,836 data centers in their inventories — 
approximately 3,700 data centers more than OMB’s previous estimate 
from December 2011 . This dramatic increase in the count of data centers 
highlights the need for continued oversight of agencies’ consolidation 
efforts. 

We have ongoing work looking at OMB’s data center consolidation 
initiative, including evaluating the extent to which agencies have achieved 
planned cost savings through their consolidation efforts, identifying 
agencies' notable consolidation successes and challenges in achieving 
cost savings, and evaluating the extent to which data center optimization 
metrics have been established. 

Agencies' PortfolioStat Efforts Have the Potential to Save Billions of 
Dollars 

0MB launched the PortfolioStat initiative in March 2012, which required 
26 executive agencies^® to, among other things, reduce commodity IT 
spending and demonstrate how their IT investments align with the 
agencies’ mission and business functions, In November 2013, we 
reported on agencies’ efforts to complete key required PortfolioStat 
actions and make portfolio improvements,^® We noted that all 26 agencies 
that were required to Implement the PortfolioStat Initiative took actions to 
address OMB’s requirements. However, there were shortcomings in their 
implementation of selected requirements, such as addressing all required 
elements of an action plan to consolidate commodity IT and migrating two 
commodity areas to a shared service by the end of 2012, In addition, 
several agencies had weaknesses in selected areas such as the CIO's 
authority to review and approve the entire portfolio and ensuring a 
complete baseline of information relative to commodity IT, Further, we 


^Of the 27 previously mentioned agencies. 1 agency— the Smithsonian Institute— is not 
required to participate in the PortfolioStat initiative. 

Implementing PortfolioStat. Memorandum M-12-10 {Washington, D C.; Mar. 30, 

2012 ). 

^®GAO-14-65. 


Pag© 16 


GA0-14-596T 



77 


observed that OMB’s estimate of about 100 consolidation opportunities 
and a potential $2.5 billion in savings from the PortfolioStat initiative was 
understated because, among other things, it did not include estimates 
from Defense and the Department of Justice. Our analysis, which 
included these estimates, showed that, collectively, the 26 agencies 
reported about 200 opportunities and at least $5.8 billion in potential 
savings through fiscal year 2015 — at least $3.3 billion more than the 
number initially reported by 0MB. 

In March 2013, OMB issued a memorandum commencing the second 
iteration of its PortfolioStat initiative.^® This memorandum identified a 
number of improvements that should help strengthen IT portfolio 
management and address key issues we have identified. However, we 
concluded that selected OMB efforts could be strengthened to improve 
the PortfolioStat initiative and ensure agencies achieve identified cost 
savings, including addressing issues related to existing CIO authority at 
federal agencies and publicly reporting on agency-provided data. We 
recommended, among other things, that OMB require agencies to fully 
disclose limitations with respect to CIO authority. In addition, we made 
several recommendations to improve agencies’ implementation of 
PortfolioStat requirements. OMB partially agreed with these 
recommendations, and responses from 20 of the agencies commenting 
on the report varied.®® 

We have ongoing work looking at the second iteration of OMB’s 
PortfolioStat initiative, including identifying action Items and associated 
time frames from joint OMB-agency PortfolioStat meetings, determining 
agencies’ progress in addressing these action Items, and evaluating the 
extent to which agencies have realized planned savings. 


In summary, OMB’s and agencies’ recent efforts have resulted in greater 
transparency and oversight of federal spending, but continued leadership 
and attention are necessary to build on the progress that has been made. 


Memorandum fertile Heads of Executive Departments and Agencies: Fiscal Year 
2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management, M-1 3-09 
(Washington. D.C. Mar. 27, 2013). 

the 20 agencies commenting on the report, 1 2 agreed with our recommendations 
directed to them, 4 disagreed or partially disagreed with our recommendations directed to 
them, and 4 provided additional clarifying information. 


Page 17 


GA0-14-596T 



78 


The expanded use of the common factors critical to the successful 
management of large-scale IT acquisitions should result in more effective 
delivery of mission-critical systems. Additionally, federal agencies need to 
continue to Improve the accuracy and availability of information on the 
Dashboard to provide greater transparency and even more attention to 
the billions of dollars invested in troubled projects. Further, agencies need 
to implement incremental development approaches in order to increase 
the likelihood that major IT investments meet their cost, schedule, and 
performance goals. Additionally, agencies should conduct additional 
TechStat reviews to focus management attention on troubled projects and 
establish clear action items to turn the projects around or terminate them. 

The federal government can also build on the progress of agencies' data 
center closures and reduction of commodity IT, With the possibility of over 
$5.8 billion in savings from the data center consolidation and PortfolioStat 
initiatives, agencies should continue to identify consolidation opportunities 
in both data centers and commodity IT. In addition, better support for the 
estimates of cost savings associated with the opportunities identified 
would increase the likelihood that these savings will be achieved. 

Chairman Carper, Ranking Member Coburn, and Members of the 
Committee, this completes my prepared statement. ! would be pleased to 
respond to any questions that you may have at this time. 


GAO Contact and 
Staff 

Acknowledgments 


If you or your staffs have any questions about this testimony, please 
contact me at (202) 512-9286 or at pownerd@gao.gov. Individuals who 
made key contributions to this testimony are Dave Hinchman (Assistant 
Director). Deborah A. Davis (Assistant Director), Rebecca Eyier, Kaelin 
Kuhn. Meredith Raymond, Jamelyn Payan, Bradley Roach, Andrew 
Stavisky, and Kevin Walsh. 


(311407) 


Page 18 


GAO-14-596T 



79 


ACT-IAC 



Statement of 
Daniel J. Chenok 
Executive Vice Chair 
Industry Advisory Council 
before the 


Committee on Homeland Security and Governmental Affairs 
U.S. Senate 


May 8, 2014 

Hearing on “Identifying Critical Factors for Success in Information Technology 

Acquisitions " 


Good morning, Chairman Carper, Ranking Member Coburn, and Members of the Committee. 

Thank you for the opportunity to testify before the Committee on how the government can 
continue its efforts to manage information technology (IT) effectively and efficiently. 

1 am here in my capacity as the Executive Vice Chair of the Industry Advisory Council (lAC). 
lAC is an advisory body and the industry partner for the non-profit American Council for 
Technology (ACT), an organization led by government IT officials and established in 1979, 

ACT created the Industry Advisory Council in 1989 in order to improve communications and 
understanding between government and industry. Today. I AC is comprised of nearly 500 private 
sector firms that provide information resources, management products and services for and with 
government. Our member firms include hardware manufacturers, softw'are companies, systems 
integrators, consulting service providers, telecommunications companies and professional 
services companies; the majority of our members are small businesses, I work for IBM. an lAC 
member company, and serve there as the Executive Director with the IBM Center for The 
Business of Government, I have worked previously for two other lAC member companies. 
Pragmatics and SRA International However, as stated above, I am here today representing lAC 
and ACT, 


3040 Williams Drive. Suite 500. Fairfax, VA 22031 
vwAv.actgov.org • (p) 703.208.4800 • «f) 703.208.4805 


ACT-IAC: Advancing Government Through Collaboration, Education and Action 



80 


This unique government-industry partnership, collectively referred to as “ACT-IAC”, was 
created to facilitate the strategic use of technology to improve the business and mission 
performance in the public sector. ACT-IAC provides services that promote education, 
communication and collaboration across all levels of government. ACT-IAC brings industry and 
government executives together to exchange information, support professional development, 
improve communications and understanding, solve issues, and build partnership and trust, 
thereby enhancing government’s ability to serve the nation, ACT-IAC provides an objective, 
vendor-neutral and ethical forum for the study and analysis of public sector management and 
technology issues, and by providing education and training on best practices to industry and 
government personnel. ACT-IAC is not an advocacy group, business development organization, 
or lobby; we are a non-profit whose goal is better government. More information about ACT- 
IAC is available on our website at ww vv.ac ii ac.orit . 

Before addressing the subject of what government can learn from industry about the effective use 
of IT to improve performance, i would like to note that I am especially pleased to be appearing 
before this Committee given a historical connection: in 2001-2002, while still in government as 
the senior career official for information and IT policy and budget issues with the Office of 
Management and Budget (0MB) near the end of a i 4-year 0MB tenure, I spent much time 
working with Committee staff while coordinating Administration discussions with Congress 
around the E-Government Act of 2002, And it is an honor to join Karen Evans, with whom I 
worked at 0MB at the beginning of her tenure as Administrator for the Office of E-Government 
and IT. 

Managing Complex Programs that Rely on IT 

As this Committee has highlighted over many years of focus, every Federal agency relies on 
information technology to provide services to the public and support its operations. The ability 
to manage these as.sets effectively and efficiently has a direct impact on agency succe,ss. 

History tells us that any major program, project, or transformation involving IT brings great 
potential for positive change and benefits, but also brings risks that the program will not produce 


2 



81 


the outcomes envisioned. Such risks can be introduced due to factors that include political 
pressures, interagency coordination, integration with legacy systems, multiple contractors, new 
softw'are development, requirements creep, unexpected events. 

Over the past several months, ACT-IAC has joined a number of stakeholder groups in a dialogue 
with 0MB and Administration leaders regarding how best to improve the government's capacity 
to manage IT programs effectively. Accordingly, ACT-IAC has drawn upon many best practices 
and lessons learned across government and industry, and formulated an initial set of critical 
success factors for major IT programs. These factors broaden the focus from IT oversight to 
overall program management, and take into account the policy and political realities within 
which the Federal government operates. In this model, IT is a strategic centerpiece of a 
transformation toward the goal of better government. 

ACT-IAC has captured these success factors in a Framework that we refer to as “7-Sfdr 
Siiccexs ” (we arc providing the full Framework to the Committee for the record as well). The 7- 
S Framework evolved through a collaborative process that included both government and 
industry experts and executives, and reflects lessons learned through a true public-private 
partnership and real world experience with effective practices from both sectors. The Framework 
sets forth a set of principles and guidelines to be considered at the outset of any major IT project 
or program. We believe that the application of this Framework to a major IT program review 
should reduce risk and increase the likelihood of positive outcomes. 

The 7-S Framework does not constitute a checklist for compliance purposes. Rather, it 
represents a management approach for large transformations, in which each of the seven “S" 
factors represents a key area of focus, but ail of the “S’s” enhance the potential for delivering 
successfully, W'e strongly believe that successful implementation of major IT programs requires 
an honest assessment by, and ongoing conversation among, program leadership and stakeholders 
regarding the health of the program. We also believe that how these leaders and organizations 
manage change as programs evolve, and support teams and individuals address needed change in 
a positive way, is a key element of success across the entire Framework. W'e hope that the 7-,S 


3 



82 


Framework will help contribute to more consistent, high-quality performance in managing IT 
programs across government. 

Before delving into the elements of the 7-S Framework, I would again note that the Framew'ork 
reflects is based on ACT-IAC's engagement with members from both the public and private 
sectors. Our experience indicates that government and industry share many common elements 
with regard to the implementation of large scale FF systems, as well as important 
clilTerences. With regard to commonalities, leaders across government and industry recognize 
the value of information technology, and seek to apply IT to increase effectiveness and 
efficiency. Both government and industry benefit from many talented people who are committed 
to doing their best for their organization.s. And there arc factors that are consistent across large 
and complex IT programs in both sectors, such as multiple stakeholders, large and 
organizationally diverse project teams, and the need for agility in implementing technological 
change. 

Managing large IT programs in Government does involve unique elements as well, including; 

• Laws and rules that can require significant processes, time, and resources to revise if 
needed. 

• A focus on compliance that can, if not implemented effectively, ovcrw'helm efforts by 
leaders to view and manage ff as a strategic asset. 

• Funding that emanates from a budget process where planning occurs up to 30 months 
before the money is actually spent on a program or contract. 

• Lack of knowledge about how to leverage the acquisition process to facilitate rapid 
adoption and innovation. 

• A coniparalivcly large installed base of legacy systems can require large investments to 
replace. 

• Regular and public attention that can magnify impacts more quickly than is often the case 
in industry. 

Adapting commercial best practice to help improving how Government acquires and manages 
complex IT programs, through the 7-S Framework or similar approaches, must account for these 


4 



83 


kinds of elements in order to succeed in the public sector. Agencies can learn much from 
industry - the key is how best to adapt these lessons in a government setting. 



The 7-S Framework addresses two sides of the strategic imperative for IT program management: 
the political/policy/oversight factors, w'hich can support or sink an initiative from above and thus 
are grouped under “Managing Up and Out"; and the business/technical factors, which can 
promote or undermine an initiative from within and thus are grouped under “Managing Across 
and Down”. It is important to note that these factors do not always fall neatly in one category or 
the other; for example, the “Managing Up and Out” section discusses how teams will operate and 
communicate, which is also vital to “Managing Across and Down”. 


The seven critical success factors include: 


Managing Up and Out 

1. Stakeholder Commitment and Collaborative Governance 
2 Skilled Program Manager and Team 

3. Systematic Program Reviews 

Managing Across and Down 

4. Shared Technology and Business Architecture 

5. Strategic, Modular, and Outcomes-Focused Acquisition Strategy 

6. Software Development that is Agile 

7. Security and Performance Testing Throughout 


5 



84 


Managing Up and Out 

1 , Stakeholder Commitment and Collaborative Governance - Most complex programs 
involve numerous stakeholders at political, policy, and management levels, and often 
multiple agencies, contractors, and other non-government constituencies. There should be 
clear lines of accountability and responsibility among these players, as well as a process that 
engages key stakeholders. Finally, there should be a shared commitment to the program's 
success across affected parties. 

Establishing a collaborative and accountable governance structure - chaired by a senior 
official from the lead mission Agency who has access to the Agency head, and includes 
senior executives from other implementing Agencies and key contractors - incorporates the 
interests of each stakeholder group. This approach also focuses on each entity’s 
responsibility area and contribution to the larger program goals, and establishes a way to 
review progress collectively and with accountability for results. Key elements of a 
collaborative governance process include: 

• Ongoing interaction with — and management of - key stakeholder relationships, 
including users, contractors, relevant constituency groups, and oversight 
organizations like Congress, GAO, 0MB, and IGs. 

• Effective integration across key functions within the lead agency, including program, 
budget, contracts, HR, I f, and other relevant offices. 

• Understanding of and accounting for political, legal, and policy imperatives that must 
be addressed. 

• Clearly documented roles, responsibilities, and accountability structures, 

• Early and ongoing identification of risks and development of mitigation strategies. 

• A communications process to ensure that the key players talk to each other about the 
right issues at the right time, and that business, technical, policy and other changes 
are well-aligned. 


6 



85 


• Key program performance metrics that are incorporated into annual performance 
plans for stakeholders, to promote shared accountability so that each stakeholder 
shares equity with the success of the program. 

• An approach that promotes ongoing, honest assessment and supports moving forward 
from failure to reach overall program success in business scope, technology 
advancements, and innovative delivery. 

• Sustained leadership commitment, as transformational or complex programs 
inevitably go through high and low points; key to success is a willingness to accept 
risks and learn from mistakes, and a continued focus on achieving long-term goals 
rather than becoming consumed by short-term but addressable problems. 

2. Skilled Program Manager and Team - There must be an accountable, qualified, and 

properly positioned senior leader of the program, who reports to a Senior Agency governance 
leader. This Program Manager (PM) should ideally be highly proficient at technical, 
business (both government and commercial business processes), organizational, 
programmatic, and interpersonal levels. The PM could come from the technology, 
acquisition, or mission organization, so long as the person possesses skills across these areas 
and operates under a strong governance process. The PM should ensure that a sound 
Integrated Program Team (IPT) team includes the following elements: 

• The PM should be empowered to bring on a strong team of leaders across disciplines 
who can maximize the likelihood of positive outcomes, and work together to course- 
correct for problems along the way. It is likely that there will be a hierarchy of teams 
and competency areas reporting to the PM, since a major program almost always 
consists of sub-projects that must be managed tow'ards a common outcome. 

• The PM team must also include resources, whether direct report or matrixed, from 
relevant stakeholder groups, such as IT, policy and regulatory, strategic planning, the 
user community, acquisition, legal, outreach (public and congressional affairs), 
finance, and HR; cross-agency teams should include repre.sentatives from each 
agency. 

• The PM should ensure that all of the major program management disciplines - such 
as Requirements, Financials. Acquisition, Communications, Risk, Earned Value, 


7 



86 


Change, Integration and Release/Testing — are properly staffed, with ongoing training 
offered across program areas. 

• The PM should ensure that IPT members understand clear responsibilities that are 
documented, so that everyone knows who is doing what; and help members to 
approach their role through supporting the team to reach objectives, rather than 
simply through addressing process and compliance issues. 

• Performance metrics for key individuals should include consistent measures related to 
achieving system and program milestones; this is especially true where a program 
cuts across organizational lines, so that performance metrics reflect the multi- 
organizational nature of the activity, rather than affecting only the organization for 
which the employee works. 

3. Systematic Program Reviews - in addition to assessing progress against programmatic 
goals, governance leaders and the PM should ensure that ail of the “S factors” are reviewed 
on a regular basis. As part of these review's, success should be celebrated and actual or 
potential problems promptly and openly identified for correction. This will promote timely 
consideration of whether the program is 1) making progress against program goals, and 2) 
ensuring that all key “S for Success" factors are in place and working well to minimize risk; 
performance issues that are not corrected quickly then become accountability issues to be 
addressed as soon as possible. These reviews must be designed and implemented to ensure 
the following: 

• All major aspects of the program, including IT, policy, acquisition, business process, 
and regulatory changes, are addressed. These areas should be assessed as part of 
status updates throughout the overall master cost/schedule/program goals, and should 
identify any needed risk mitigations along with responsible individuals and needed 
deadlines. 

• Each key stakeholder should provide an update on what they have done since the last 
review to support the PM and the execution of program objectives. The PM should 
also make clear to each stakeholder what is needed from him or her between the 
current and the next review. 


8 



87 


• Reviews should include senior representatives from key contractors where 
appropriate, to ensure unified agreements on status, risks, and necessary actions or 
changes. 

• Reviews should be designed so that the agency can provide periodic program updates 
to oversight organizations, including Congress, GAO, OMB, and IGs. 


Managing Across and Down 

4. Shared Technology and Business Architecture - Major IT programs involve complex 
interfaces with internal and external users, back-end applications, operational processes, 
policies, and supporting infrastructure. It is vital that a business and technology architecture 
guide activities across the team. At a minimum, this architecture should: 

• Set goals for how interfaces and new business processes should work in practice, 
while remaining flexible enough to encourage changes during development and 
execution; ideally, a strong Chief Architect, reporting to the PM. would be assigned 
to this task. 

• Emphasize innovative but proven technologies (c.g,, cloud computing, mobile) that 
preferably have a low' threshold for adoption, as well as a strategy for how new 
technologies and related business processes will be integrated with legacy systems 
and business processes. 

• Include a focus on security and privacy of information as an integrated element in 
business process and system development, and not be managed as a separate activity. 


5. Strategic, Modular, and Outcomes-Focused Acquisition Strategy - The PM must 
collaborate with the acquisition organization and other stakeholders in the IPT, and then 
work with the private sector early on, to define a set of strategic requirements, a program 
management model, and an acquisition strategy that supports the outcome-based goals 
associated w'ith the program in a best-value approach. Other elements of this strategy 
include: 


9 



88 


• An acquisition process that starts well before contract award (c.g., with market 
research, requirements identification, and RFls), and lays out the goals, timelines, 
source selection and evaluation approaches for key contracts along with a 
synchronized contract award schedule. Project life cycle milestones should also 
influence when contracts must be in place; for example, contracts for more complex 
elements or infrastructure may need to be awarded first, 

• Procurements that have consistent incentives, milestones, and review processes to 
encourage collaboration toward a mutual objective. Commercial products or services 
should be acquir'cd where feasible and appropriate, along with a strategy to ensure 
that they complement the target architecture during integration; commercially 
available IT and shared services should be preferred over building IT from scratch. 

• Available or potential contract vehicles that are objectively asses,sed; for existing 
vehicles, any relevant weaknesses or limitations should be addressed. 

• Clear roles for government and industry partners with specified interface points and 
information needs, as well as defined acquisition management processes to ensure 
coordinated, disciplined, and efficient and effective contract oversight, 

• Alignment with a program management plan that provides clear roles and 
responsibilities, integrates leadership, and manages processes and interactions among 
key organizations for successful post-contract award management. 

• A strategic funding strategy that is tied to programmatic and acquisition goals and 
objectives, with a modular approach so that value can be assessed on a regular basis 
to secure additional funding. This is especially important for contract awards that 
require funding over multiple budget years, so that funds for those project phases can 
be built into the budget request for those years. 

6. Software Development that is Agile - Over the past several years there has been increased 
interest in a shift away from large-scale and long-term systems development that may take 
years before the first functionality is available for testing. A more innovative approach is 
found in agile software development, under w'hich applications are developed in an iterative 
fashion whenever possible, with small-scale roll-outs, frequent feedback from end users, and 
communication with program management and governance leaders on changes needed 


10 



89 


throughout. This approach reduces risk and increases the chances for program success. We 
believe it applies to major programs with varied business processes that involve IT 
applications. Other aspects include: 

• Applications that take advantage of open source and reusable code whenever 
appropriate and cost-effective. 

• Incorporation of “Human Design Frameworks” ~ which account for how people 
actually perform their w'ork — as a component of the Agile model, to ensure that these 
elements ofdesign are central to development. 

• Resource commitments from the end user and customers. Key end users and 
customers should be embedded in the program team, and be matrixed back to their 
organization so that daily decisions/tradeoffs on functionality can be made, and that 
the IT and Program office can get input from the customer and end user as part of 
those decisions, 

7, Security and Performance Testing Throughout - Modules should be tested and released in 
phases throughout design, development, and operations - both for individual components and 
collective (ultimately end-to-end) system performance. Key elements include: 

• Security, privacy and testing objectives and strategies should be established before 
any development .starts, so that the.se critical components are embedded into the DNA 
of the program; this should reduce issues during the testing cycle, helping improve 
speed to effective implementation. 

• User acceptance, functional, and load testing must be planned for and implemented at 
each phase of the program rollout. 

• Testing should align W'ith independent validation and verification (IV&V) efforts as 
appropriate, 

• Security testing should occur in parallel with performance testing. Security 
requirements and testing needs should be included as part of the program processes 
from inception. 

Chairman Carper, Ranking Member Coburn, and Members of the Committee, on behalf of ACT- 
lAC vve appreciate the opportunity to appear today. We believe that the 7-S for Success 


11 



90 


Framework sets forth a management approach that can significantly increase the potential for 
success in major IT programs in the public sector. Thank you. 


12 



91 


ACT-IAC i 

Aovdircma w^ernmefjs ' < 


KEY SUCCESS FACTORS FOR MAJOR 
PROGRAMS THAT LEVERAGE IT 

The "7 -S for Success" Framework 

May 2014 


This document sets forth a framework of critical success factors for 
large scale government IT projects. ACT-IAC believes that the 
application of the principles set forth in this framework will reduce 
risk and increase the likelihood of positive outcomes. 


3040 Wi'iiams Drive, Suite 500. Fairfax, VA 22031 
vwwv.actgov.org • (p) 703.208.4800 • (f) 703.208.4805 


ACT-IAC: Advancing Government Through Collaboration, Education and Action 



92 


American Council for Technology-Industry Advisory Council 

The American Council for Technology (ACT) is a 501(c)3 non-profit educational organization established 
in 1979 to improve government through the efficient and innovative application of information 
technology. The ACT-iAC mission is to "facilitate the strategic use of technology to improve the mission 
of government." The organization's strategic vision is to "be the most trusted public-private partnership 
for cultivating a cost-conscious culture of ongoing innovation to improve government.” 

ACT was established by government employees, with the encouragement of 0MB and 6SA, to provide a 
forum where Federal, state and local government employees could communicate and collaborate. In 
1989 ACT created the Industry Advisory Council (lAC) to provide an objective, ethical and vendor-neutral 
forum where government executives could communicate and collaborate with their industry peers. lAC 
has approximately 500 member companies of whom over 70% are small businesses. An Executive 
Committee of senior government executives establishes the strategic direction for ACT-IAC and ensures 
the objectivity and integrity of the ACT-IAC forum. 

ACT-iAC has been described as "a model of how government and industry con work together” 


Disclaimer 


The information presented in this document was developed through a collaborative process in which 
both government and industry executives participated. The views and recommendations contained 
herein are not intended to represent the views of any specific individual or organization that engaged in 
this initiative. 

Copyright 

©American Council for Technology, 2014. This document may be quoted, reproduced and/or distributed 
provided that credit is given to the American Council for Technology-Industry Advisory Council. 

Further information 


For further information, contact the American Council for Technology-Industry Advisory Council at (703) 
208-4800 or www.act i ac.o rg. 


2 



93 


Key success factors for Major Programs that Leverage IT-- 
The “7 -S for Success" Framework 

Any major program, project, or transformation involving information technology (IT) brings great 
potential for positive change and benefits, but also risks that the program will not produce the 
outcomes envisioned. Such risks can be introduced due to political pressures, interagency coordination, 
integration with legacy systems, multiple contractors, new software development, requirements creep, 
or unexpected events. 

ACT-IAC, an association of leaders in government and industry with significant experience in IT 
acquisition and management, has drawn upon many lessons learned and formulated an initial set of 
critical success factors for major IT programs. These factors broaden the focus from IT oversight to 
overall program management that accounts for policy and political realities. In this model, IT is a 
strategic centerpiece of any transformation toward the goal of better government. 

Over the past several months, ACT-IAC has joined a number of stakeholder groups in a dialogue with 
OMB and Administration leaders regarding how best to improve the government's capacity to manage 
IT programs effectively. ACT-IAC recommends the "7 -S for Success" Framework as a basis for the path 
forward, addressing the key success factors described below. Applying the Framework to a major IT 
program review should reduce risk and increase the likelihood of positive outcomes. 

This Framework does not constitute a checklist for compliance purposes. Rather, it represents a 
management approach for large transformations, in which each "S" represents a key area of focus but 
all of the "S's" enhance the potential for delivering successful results. These factors should form the 
basis for an honest assessment by, and ongoing conversation among, program leadership and 
stakeholders regarding the health of the program. Such an assessment and conversation is reinforced 
by the fact that how these leaders and organizations manage change as programs evolve, and support 
teams and individuals address needed change in a positive way, is a key element of success across the 
entire Framework, 

The Framework addresses two sides of the strategic imperative for program management: the 
political/poiicy/oversight factors, which can impact an initiative from above and thus are grouped under 
"Managing Up and Out"; and the business/technical factors, which can impact an initiative from within 
and thus are grouped under "Managing Across and Down". It is important to note that these factors do 
not always fall neatly in one category or the other - for example, the "Managing Up and Out" section 
discusses how teams will operate and communicate, which is also vital to "Managing Across and Down". 



94 


Key Success Factors in Reviewing Major Programs that leverage IT- The ^^7-S for Success" Framework 

Managing Up and Out 

1. Stakeholder Commitment and Collaborative Governance 
2 Skilled Program Manager and Team 

3. Systematic Program Reviews 

Managing Across and Down 

4. Shared Technology and Business Architecture 

5. Strategic, Modular, and Outcomes-Focused Acquisition Strategy 

6. Software Development that is Agile 

7. Security and Performance Testing Throughout 

Managing Up and Out 

1. Stakeholder Commitment and Collaborative Governance - Most complex programs involve 
numerous stakeholders at political, policy, and management levels, and often multiple agencies, 
contractors, and other non-government constituencies. There should be clear lines of accountability 
and responsibility among these players, as well as a process that engages key stakeholders. Finally, 
there should be a shared commitment to the program's success across affected parties. 

Establishing a collaborative and accountable governance structure - chaired by a senior official from 
the lead mission agency who has access to the agency head, and includ s senior executives from 
other implementing agencies and key contractors - incorporates the interests of each stakeholder 
group, This approach also focuses on each entity's responsibility area and contribution to the larger 
program goals, and establishes a way to review progress collectively and with accountability for 
results. Key elements of a collaborative governance process include: 

• Ongoing interaction with and management of key stakeholder relationships, including 
contractors, users, relevant stakeholder groups, and oversight organizations such as 
Congress, GAO, 0MB, and IGs. 

• Effective integration across key functions within the lead agency, including program, budget, 
contracts, HR, IT, and other relevant offices. 

• Understanding of and accounting for political, legal, and policy imperatives that must be 
addressed. 

• Clearly documented roles, responsibilities, and accountability structures. 

• Early and ongoing identification of risks and development of mitigation strategies. 


4 



95 


• A communications process to ensure that the key players talk to each other about the right 
issues at the right time, and that business, technical, policy and other changes are well- 
aligned. 

• Key program performance metrics incorporated into annual performance plans for 
stakeholders, to promote shared accountability so that each stakeholder shares equity with 
the success of the program. 

• An approach that promotes ongoing, honest assessment and supports moving forward from 
failure to reach overall program success in business scope, technology advancements, and 
new and innovative delivery approaches. 

Sustained leadership commitment, as transformational or complex programs inevitably go 
through high and low points; key to success is a willingness to accept risks and learn from 
mistakes, and a continued focus on achieving long-term goals rather than becoming 
consumed by short-term but addressable problems. Other elements of sustained 
commitment include: 

• 

• Senior management of the involved agencies who work with oversight bodies to 
secure support for the program in advance, celebrate successes as they occur, and 
provide early warning about problems along with recommended mitigations. 

• The ability to "step back and refocus" when faced with a major issue, allowing time 
for the team to regroup and communicate revisions in tactics to key stakeholder 
groups. 

• Resilience in the face of small surprises that will inevitably occur - and the ability to 
quickly deal with them in order to make progress over the long term. 

• Leaders who carry through on priorities in an environment where political pressures 
can turn focus away from achieving strategic program goals, and who understand 
how new political imperatives can be addressed effectively through changes in 
program plans. 

2. Skilled Program Manager and Team - There must be an accountable, qualified, and properly 
positioned senior leader of the program, who reports to a Senior Agency governance leader. This 
Program Manager (PM) should ideally be highly proficient at technical, business (both government 
and commercial business processes), organizational, programmatic, and interpersonal levels. The 
Program Manager could come from either the technology or mission organization, so long as the 
person possesses skills in both areas and operates under a strong governance process. The PM 
should ensure that a sound Integrated Program Team (IPT) team includes the following elements: 

• The PM should be empowered to bring on a strong team of leaders across disciplines who 
can maximize the likelihood of positive outcomes, and work together to course-correct for 
problems along the way -- it is likely that there will be a hierarchy of teams and competency 
areas reporting to the Program Manager, since a major program almost always consists of 
sub-projects that must be managed towards a common outcome. 


5 



96 


• The PM team must also include resources, whether direct report or matrixed, from relevant 
stakeholder groups, such as IT, policy and regulatory, strategic planning, the user 
community, acquisition, legal, outreach (public and congressional affairs), finance, and HR; 
cross-agency teams should include representatives from each agency, 

• The PM should ensure that all of the major program management disciplines - such as 
Requirements Management, Financial Management, Communications, Risk Management, 
Earned Value, Change Management, Integration Management and Release/Testing 
Management - are properly staffed, with ongoing training offered across program areas. 

• The PM should ensure that IPT members understand clear responsibilities that are 
documented, so that everyone knows who is doing what; and help members to approach 
their role through supporting the team to reach objectives, rather than simply through 
addressing process and compliance issues, 

• Performance metrics for key individuals should include consistent measures related to 
achieving system and program milestones; this is especially true where a program cuts 
across organizational lines, so that performance metrics reflect the multi-organizational 
nature of the activity, rather than affecting only the organization for which the employee 
works, 

3. Systematic Program Reviews - In addition to assessing progress against programmatic goals, the 
Program Manager should ensure that all of the S factors are reviewed by kc Governance leadership 
on a regular basis, with success celebrated and actual or potential problems promptly and openly 
identified for correction. This will promote timely consideration of whether the program is 1) 
making progress against program goals, and 2) ensuring that ail key "S for Success" factors are in 
place and working well to minimize risk; performance issues that are not corrected quickly then 
become accountability issues to be addressed ASAP. These reviews must be designed and 
implemented to ensure the following: 

• All aspects of the program, including necessary actions in IT, policy, acquisition, business 
process, and regulatory changes, are addressed. These areas should be assessed as part of 
status updates throughout the overall master cost/scheduie/program goals, and should 
identify any needed risk mitigations along with responsible Individuals and needed 
deadlines. 

• Each key stakeholder should brief what they have done since the last review to support the 
Program Manager and the execution of program objectives, and should also seek out what 
the Program Manager needs from them between the current and the next review, 

• Reviews should include senior representatives from key contractors where appropriate, to 
ensure unified agreements on status, risks, and necessary actions or changes. 

• Reviews should be designed so that the agency can provide periodic program updates to 
oversight organizations, including Congress, GAO, 0MB, and IGs. 


6 



97 


Manapinp Across and Down 


4. Shared Technology and Business Architecture - Major IT programs involve complex interfaces with 
internal and external users, back-end applications, operational processes, policies, and supporting 
infrastructure. A target business and technology architecture should guide activities across the 
team, including the following elements; 

• Set goals for how interfaces and new business processes should work in practice, while 
remaining flexible enough to encourage changes during development and execution; ideally, 
a strong Chief Architect would be assigned to this task, who reports to the Program 
Manager. 

• Emphasize innovative but proven technologies {e.g., cloud computing, mobile) that 
preferably have a low threshold for adoption, as well as a strategy for how newly introduced 
technologies and related business processes will be integrated with legacy systems and 
business processes. 

• Include a focus on security and privacy of information as an integrated element, not a 
separate activity. 

5. Strategic, Modular, and Outcomes-Focused Acquisition Strategy - The Program Manager must 
work with the acquisition organization and other stakeholders in the IPT, and then work with the 
private sector early on, to define a set of strategic requirements, a program management model, 
and an acquisition strategy that supports the outcome-based goals associated with the program in a 
best-value approach. Other elements of this strategy include: 

• An acquisition process that starts well before contract award (e.g,, with market research, 
requirements identification, RFIs ), and lays out the goals, timelines, source selection 
and evaluation approaches for key contracts along with a synchronized contract award 
schedule. The project life cycle milestones should also consider when contracts must be in 
place; for example, contracts for more complex elements or infrastructure may need to be 
awarded first. 

• Procurements that have consistent incentives, milestones, and review processes to 
encourage collaboration toward a mutual objective. Commercial products or services 
should be acquired where feasible and appropriate, along with a strategy to ensure that 
they complement the target architecture during integration; commercially available IT and 
shared services should be preferred over building IT from scratch. 

• Available or potential contract vehicles that are objectively assessed; for existing vehicles, 
any relevant weaknesses or limitations should be addressed. 

• Clear roles for government and industry partners with specified interface points and 
information needs, as well as defined acquisition management processes to ensure 
coordinated, disciplined, and efficient and effective contract oversight. 


7 



98 


• Alignment with a program management plan that provides clear roles and responsibilities, 
integrates leadership, and manages processes and interactions among key organizations for 
successful post-contract award management. 

• A strategic funding strategy that is tied to programmatic and acquisition goals and 

strategies, with a modular approach so that value can be assessed on a regular basis to 
secure additional funding -especially for contract awards that require funding over multiple 
budget years, funds for those project phases are built into the budget 

request for those years. 

6. Software Development that Is Agile - Over the past several years there has been increased interest 
in a shift away from large-scale and long-term systems development that may take years before the 
first functionality is available for testing. A more innovative approach is found in agile software 
development, under which applications are developed in an iterative fashion whenever possible, 
with small-scale roll-outs, frequent feedback from end users, and communication with program 
management and governance leaders on changes needed throughout. Other aspects include: 

• Applications that take advantage of open source and reusable code whenever appropriate 
and cost-effective. 

• Incorporation of "Human Design Frameworks" - which account for how people actually 
perform their work - as a component of the Agile model, to ensure that these elements of 
design are central to development 

• Resource commitments from the end user and customers. Key end users and customers 
should be embedded in the program team, and be matrixed back to their organization so 
that daily decisions/tradeoffs on functionality can be made, and that the IT and Program 
office can get input from the customer and end user as part of those decisions. 

7. Security and Performance Testing throughout - Modules should be tested and released in phases 
throughout design, development, and operations - both for individual components and collective 
(ultimately end-to-end) system performance. Key elements include; 

• Security, privacy and testing objectives and strategies should be established before any 
development starts, so that these key IT components are embedded into the DNA of the 
program - this should reduce issues during the testing cycle, helping speed to market. 

• User acceptance, functional, and load testing must be planned for and implemented at each 
phase of the program rollout. 

• Testing should align with independent validation and verification (IV&V) efforts as 
appropriate. 

• Security testing should occur in parallel with performance testing. Security requirements 
and testing needs should be included as part of the program processes from inception. 


8 



99 


STATEMENT OF 
KAREN S. EVANS 

FORMER ADMINISTRATOR FOR ELECTRONIC GOVERNMENT AND 
INFORMATION TECHNOLOGY 
OFFICE OF MANAGEMENT AND BUDGET 
BEFORE THE 

COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS 

May 8, 2014 


Good morning Chaimian Carper, Ranking Member Coburn, and Members of the Committee. I am 
pleased to be invited back to share my views on, “Identifying Critical Factors for Success in 
Information Technology Acquisitions,” My remarks today will describe best practices and success 
factors for managing information technolog>' (IT) systems that the government can learn from industry. 

The federal government will spend over $80 billion on information technology (IT) this year. Despite 
guidance and oversight by Congress, General Accountability Office (GAO), and Office of Management 
and Budget (OMB), Federal IT projects too frequently incur cost overruns and schedule delays, and 
end-up contributing little to agency mission outcomes. Frequently these failures resulted from well 
know hazards that experienced practitioners have learned to avoid by adopting specific procedures ^ 
best practices - that circumnavigate these pitfalls. Other times the project failure could he traced to 
someone not doing what they were supposed to do. The technology did not play a trick on them. 

There was not an unforeseen outside force dooming the project. No, in every case, someone missed 
their block and let a defender sack the quarterback. The reflexive response is to add another layer of 
rules to prevent someone from making that bad decision again. This is the wrong way to go, as it adds 
layer upon layer of bureaucracy that eventually grinds the process to a hall. 

One cannot mandate good outcomes, nor can Congress legislate to preclude failure. Rather, the IT 
acquisition system mu.st foster a culture that allows and tolerates a continuing learning cycle to improve 
overall performance. Results, whether they are good or bad, provide important feedback that needs to 
be integrated into the overall management framework. The goal must be to enable success, not to 
preclude failure. 

Government and Industry - Similar Challenges 

Government and industry face many similar challenges in planning, acquiring, and deploying IT 
systems. While today’s hearing is focused on improving the Federal Government's management of IT 
by learning best practices from industry, it is worth noting that the private sector does not have a 
perfect batting average. A 20 1 2 report 'from the Standish Group International found that 1 8 percent of 
private sector IT projects failed. That is, they were either canceled prior to completion, or delivered and 
never used. 

Fhe causes of such failures are not unique to the private sector. Government IT and acquisition 
professionals face similar issues. This is not meant to excuse the Government's failures, but rather to 
demonstrate why industry best practices are applicable to the Government. The Standish Group also 


The Standish Group International, Incorporated. Chaos Manifesto. 2013. 


1 



100 


reported that the number of software development projects that were completed successfully on time 
and on budget, with all features and functions as originally specified, rose from 29 percent in 2004 to 
39 percent in 2012, a significant improvement. Government should adopt these practices that enabled 
this success. 

Government and Industry - Different goals lead to different challenges 

The very obvious differences betw'een the goals and priorities of Government and the private sector 
create different challenges for each. Government and industry have very different time horizons. 
Businesses focus on short-term results even as they pursue long-term strategies for their organizations; 
quarterly earnings, next season’s fashions, or the new model year. Their long-term strategies are not to 
develop FT systems ~ IT is a means to an end, not the end itself. Government, on the other hand, will 
tolerate a very long time to fruition for a project and chooses to be measured by their level of effort to 
pursue their mission/program goals - to end homelessness, to cure cancer, to fight poverty. And 
whereas businesses seek low turn-over in their executive ranks. Government senior leaders are 
inherently transitory. The Executive Branch compensates for this characteristic with the career Senior 
Executive Service (SES) managers providing stability and long-term perspective, while supporting 
short-term objectives for their political leadership's priorities and policy initiatives. 

The clear performance indicator of profit and loss makes .some aspects of IT management easier in the 
commercial w'orld. A business only spends money to make more money. So, if an IT project will 
increases profits, then it gets a green light, and if the project begins to overrun its budget so much that it 
won’t make money, then it is cancelled. 

Whereas a business earns money to meet its goals. Government spends money to meet its goals. If an 
IT system will help accomplish the goal, then money is spent on that IT system. Government 
employees are often passionate about their agency’s mission, and perhaps a little less sensitive to cost 
overruns than the private sector. As such, 0MB and Congress have instituted a regimen of 
compensating controls - indicators, alarm bells, and processes to alert management if a project is in 
trouble. 

Finally, business has little tolerance for failure - mismanaging a project or selecting the wrong vendor 
can bring serious financial consequences or even cost a job. Established metrics are closely monitored, 
especially for high risk, high visibility IT projects. 

Conversely, Government leaders pursue very long-term goals, with sometimes ill-defined performance 
measures, and it is difficult to hold people accountable for their performance, IT Project Managers 
should be different. These roles have clearly defined competency requirements, and projects have 
standardized metrics, frequent performance evaluations and feedback. Yet, when a project fails and 
tens of millions of dollars are wasted, the person who W'as supposed to prevent that is not held 
accountable appropriately. Many times, they go on to manage (or mismanage) subsequent projects. 

Conversely, PMs viewed as competent are often pulled midstream from a major project to go manage 
another project midstream. The result is now old project goes of schedule and performance under 
inferior management, 


The Committee should consider whether it would be appropriate for providing incentives for the 
quality PMs to stay with their major project through successful completion and ensuring PMs 


2 



101 


demonstrated from training completed and/or successfully delivering results on smaller scaled projects 
before managing major large scale IT projects. 

Yet, accountability cannot be implemented in a way that creates a culture of fear. If such a culture 
takes root, IT managers and acquisition professionals will adopt strategies that stifle innovation and 
become less responsive. They will take steps to try to eliminate risk altogether. Risk cannot be 
eliminated in any project that has meaning. Rather, risks have to be reasonably mitigated and balanced 
with goals related to cost, timeliness, and effectiveness. 

This is a delicate balance. Managers who routinely make bad decisions must be held accountable. But 
by the same token, they also need to have the ability and authority to exercise good judgment. Only by 
doing so can IT managers actually achieve positive results. 

Lessons Learned 

Oversight - Surveillance, not Inspection 

While I was at 0MB, one of the statutory roles assigned was oversight and leadership of the 
Department and AgnecyChief information Officers (CIOs). I can appreciate the balance the Committee 
must strike in assessing without inhibiting, and the enormous amount time that adequate and 
appropriate oversight can absorb. 

Like the Committee, we had a small staff, so we needed to be efficient while being effective. I gave 
my staff an analogy - they had to be like a teacher -- grading papers but not correcting errors. To do 
this, we required agencies to submit evidence of having completed a task than rather than 
documentation of the task results - allowing the staff to perform surveillance rather than inspection. 

For example, agencies are required to perform a cost-benefit analysis when proposing a new IT system. 
Rather than having the agency submit the documentation of the cost-benefit analysis, the requirement 
was for the CTO to affirm that they had performed the analysis and the date. Therefore, during review 
meetings, questions were posed regarding the decisions made based on the analysis. 

In reviewing the House-passed Federal Information Technology Acquisition Reform Act^ (FITARA), I 
saw several oversight provisions that could create unintended consequences - burdening the Congress 
with inspection rather than oversight. For example, requiring the Agencies to submit a report to the 
House and Senate Oversight Committees is intended to provide information to the Committees, and to 
force the agency to look at their own data periodically and subsequently manage their projects in the 
course of preparing that report. Unfortunately. Peter Drucker was right when he said, “What gets 
measured gets managed.” If you ask for reports, you'll get reports - not necessarily better management. 
For example, the Federal Information Security Management Act (FISMA) was intended to improve the 
security of IT systems. The annual reporting process of FISMA created the emergence of a cottage 
industry to generate these reports but the result was not reduction of risk or improved risk management 
and security of IT systems. If you ask for a report, the agencies will dutifully comply and provide the 
reports. And having received the report, if a Committee’s prescribed report format does not contain a 
piece of data necessary to diagnose a problem, the risk has now' shifted because the Committee did not 
identify appropriate data necessary to ensure successful implementation. 


’H.R.1232 - Federal Information Technology Acquisition Reform Act 


3 




102 


Similarly, requiring meetings will yield meetings and not necessarily the outcome you're after, ideally, 
you really want agencies to manage themselves to agreed-upon outcomes for programs and projects 
where oversight as in this Committee can provide a red-light or green-light. 

Oversight - Focus Management Attention 

In addition to verifying compliance with statute and policy, the E-Government Act^ directs the 
Administrator to help improve the management of IT in the agencies. During my tenure, we published 
a quarterly list of projects that warranted extra management attention. The Management Watch List 
included projects which were either not well planned or not being well managed and projects which 
exhibited unusual risks becau.se of their size or complexity. By distilling volumes of data down to a 
simple list, agency senior executives, who might not have experti.se leveraging IT management tools 
(e.g., earned value management), would readily know the status of projects in their agency, and could, 
call our office if they had questions. And we were able to flag suspicious or obviously incorrect data for 
further investigation of those projects such as no variance in the data - where planned data exactly 
matched actual data. 

As a result of this approach, we saw a 62% improvement in the planning and management of major IT 
capital investment projects over the six year period during which I served."* The oversight has 
continued in this Administration through their process of TechStat Accountability Sessions (TechStats) 
and now PortfolioStats. 1 would note that we released the Management Watch List on a quarterly basis, 
and 1 would strongly encourage the Administration to do the same. In particular, relevant data should 
be updated regularly and that which is related to the Portfolio Stats meetings should be posted on the IT 
Dashboard. 

Oversight - Collaboration 

While we used the Management Watch List to help direct the attention of agency senior executives, that 
same list of projects informed both GAO and the Agencies' Inspectors General (IGs) of what projects 
they should focus their attention on as well. Now, with the alignment of high priority goals, cross- 
agency priority goals, strategic plans, and budgets as required by Government Results and Performance 
Modernization Act, the GAO and IGs audits and evaluations are focused on the agencies’ performance 
in achieving these aligned goals. 

Critical Success Factors 

Numerous books and articles have been written on to improve the management of IT acquisition 
projects. For example, the Software Engineering Institute has developed their highly regarded 
Capability Maturity Model Integration (CMMI) program, and GAO has issued numerous reports on IT 
management practices. Interestingly, most of these reports agree on the essence, if not the details, of 
requirements for project success. And my experience confirms their conclusions. Below is not a 
complete list of critical success factors as there are factors ingrained into the agency culture affecting 
success, but rather the factors that the Committee could easily influence, should it choose to do so. 


■’E-Government Act of 2002, PL 1 07-347 

Executive Office of the President, Budget of (he United States Government; Analytical Perspectives. Budget Year 2009, 
Washington, DC. U.S. Government Printing Office, 2008.(Table 9-7). 


4 



103 


1. Qualified Project Manager 

A good Project Manager (PM) is absolutely essential for project success. Indeed, a strong PM can 
compensate for shortcomings elsewhere, but nothing can compensate for a weak PM. The PM has a 
multi-faceted job. The PM leads the technical staff, manages financial resources, oversees contracts, 
and makes hundreds of decisions on priorities and trade-offs. 

Industry best practice assigns the CIO the responsibility for supplying trained, certified PM's, The CIO 
establishes the policies and procedures for managing IT projects, and e.stablishes the standards for 
certifying PM's as being qualified to manage projects of a certain size or complexity. These 
certifications attest that the PM has demonstrated a designate scope of knowledge, and had 
demonstrated success managing programs of a specified size or complexity. 

An example is the Project Management Professional (PMP) certification from the Project Management 
Institute (PMl). Major consulting firms commonly establish their own certifications which build upon 
the PMP program, adding knowledge of their proprietary tools or methodologies. 

The Federal Government followed this industry best practice in establishing the FAC-P/PM 
certification. This certification was recently updated on December 1 6, 20 1 3, by Office of Federal 
Procurement Policy’. The FAC-P/PM combines I T project management and Federal contracting to 
yield an individual w'ith knowledge and experience necessary to manage the entire acquisition life 
cycle. The FAC-P/PM can be certified at three levels, affirming knowledge and experience at 
progressively higher levels of accomplishment. 

The strength of the FAC-P/PM certification significantly reduces the risk of a project. Conversely, 
knowing that the PM is not qualified would be reason for concern and extra management attention. 
Because this information is essential to assess the risks of an IT project, 0MB requires Agencies to 
submit the name and qualifications of the PM for every major project. Unfortunately, this information 
is not made available on the IT Dashboard, preventing users from assessing the project risk. 

2. Shortage of Qualified Program Managers 

While 0MB requires a qualified PM, agencies sometimes do not follow this guidance - assigning 
instead an unqualified PM. Cither the CIO was not consulted on the selection, or they simply couldn't 
find a qualified PM. The E-Government Act assigns Agency CIOs the responsibility for planning and 
training their Agency's IT workforce. The Clinger-Cohen Act and the E-Government Act (Section 209) 
both require an Annual IT Workforce Assessment by the Federal CIO Council under the leadership of 
0MB and the Office of Personnel Management (0PM). This report has consistently stressed the need 
for additional training to develop more qualified PMs^. 

The Committee should consider whether it would be appropriate for Agency CIOs to have additional 
flexibility to help alleviate the chronic shortage of qualified PMs. Although there are human resources 
tools available such as direct hiring authority and tramsfers or details, additionally flexibility may be 
useful in adjusting existing policies to allow hiring a contractor to be the PM with the authority to 
direct other contractors. 


^ http://www.rai.gov/drupai/siles/defaulFfile5/FAC%20PPM%20Policy_12l613.pdf 
'' http.s://cio.gov/wp-content''uploads/dt)wnloads,t20l2/09./201 l_lTWCA_Resujts_Report_FinaI_5,3 1.1! .pdf 


5 



104 


3. Actively Engaged Project Executive 

3'he other person essential for the success of an IT project is the Project Executive (PE). Assigning a 
PE to an IT project is an Industry best practice. While the CIO is responsible for providing a qualified 
PM, the PE represents the organization that will pay for and use the IT system. The PE has two roles: 
overseeing the PM in all aspects of managing the project, and supporting the PM in interacting with the 
PE's organization by securing the cooperation and support of the organization. 

The government frequently disregards this mode! because of the appropriations process. The scenario 
is as follows: The CIO has the responsibility to manage the IT projects. An Assistant Secretary will 
request funding for a new program which includes the supporting I f systems. The Assistant Secretary 
wants to ensure “control and accountability” and therefore, appoints a PM, which is usually a member 
of the program team without the appropriate qualifications or PM certification for the scope and 
complexity of the project. 

The result is certain failure. Not only does the project not have a qualified PM, it also has an 
ineffective PE who is neither independent nor able to manage the PM. Because the Assistant Secretary 
has selected the PM - he is conflicted. Congress should consider the requirement that PMs work for 
the CIO of the organization versus taking all the budget/appropriations authority and giving it to the 
CIO. In this manner, the Assistant Secretary is still responsible for their portfolio and program 
outcomes but gains the experience and expertise of the CIO organization for implementation of IT 
systems. 

4. Mature Enterprise Architecture (EA) 

In the E-Government Act, Congress sought to enable agencies to align internally with the development 
of their enterprise architecture. Additionally, OMB sought to align the government as whole w'ith the 
efforts surrounding the development of the Federal Enterprise Architecture (FEA). These initiatives are 
not to just standardize hardware and software but to share and re-use investments. The issuance of the 
“Common Approach to Federal Enterprise Architecture,” seeks to address the use of EA to “include 
principles to help agencies eliminate waste and duplication, increase shared services, close performance 
gaps, and promote engagement among government, industry, and citizens.”’ 

By having a mature process involving the development of EA artifacts, the CIO sees the world “as it is” 
and “how it could be” and should establish the necessary transition plans to accomplish the outcomes 
necessary to support the agency mission. These artifacts should be used by OMB and Congress in 
order to ensure the outcomes are understood and adequately resourced. Therefore, departments and 
agencies should be required to submit as part of the Congressional Budget Justifications the appropriate 
artifacts to illustrate adequate planning for the “to be” architecture and transition plans that are 
reflected in their request. 

5. Requirements Management 

From an IT implementation standpoint, IT project failure happens all too frequently. Many speculate 
after the fact that the failure was due to complexity in the procurement, lack of testing, or lack of 


^ htlp:/,'\v\vw.whitehouse.gov/5ites/defau!FflIes,''omb/assets/egov_docs/common approach to fcderaEea.pdf 


6 



105 


requirements definition. However, most federal government IT project failures are due to inadequate 
management decisions. 

in private industry, ail levels of management are engaged reviewing data such as “earned value 
management” (EVM) in order to assess the project’s progress. By using such as tool, all levels of 
management become sensitive to the variances produced by early warning signs of impending schedule 
delays and cost overruns. This approach also allows individuals outside the project to see a 
standardized metric describing the cost and schedule performance of that particular project and 
compare it consistently with other projects. IT projects are particularly good at highlighting 
management failings because they require coordination between many different parts of the 
organization. 

EVM has evolved from an industrial engineering tool to a government and industry best practice, 
providing improved information to conduct oversight of acquisition programs. As such, it is guided by 
industry best practices and standard, and is required by regulations and requirements at the federal 
government as demonstrated by the TechStats and now the Portfolio Stats scvssions with 0MB. 

6. Public-Private Partnerships 

In order to address actual procurement issues and potential reform, the federal acquisition model needs 
to truly have a process which allows for shared risk between the government and the contractors 
supporting them. All too often, when an IT project fails, the contractor states the government failed to 
provide adequate requirements and the ‘finger pointing’ begins. All levels of both organizations need 
to be willing to be involved and understand the intricate aspects of management and implementation. 

Instead of revisiting the Federal Acquisitions Regulations (FAR) as whole, the public-private model 
should he re-evaluated allowing new models to be deployed within the federal government. Taking an 
example from the stale governments which is more of a “no-cost model.” it is possible to significantly 
reduces the risk of the project by having the service provider invest in the large up-front costs of 
building an IT system and manage the project through the entire life cycle. 

In states such as Oklahoma, Arkansas and Montana, online services are delivered at no cost to government 
agencies through a transaction-based, self-funding model. In this model, the contractor assumes the cost of 
building and managing services, and then the contractor recoups its investment through modest fees paid 
by citizens or businesses electing to use the service. This type of performance-based contracting approach 
ensures the contractor is motivated to quickly deploy service that citizens and businesses want to use. It 
also shifts financial risks from the government to the private sector. 

Currently, the Department of Transportation (DOT) is using this model to provide trucking companies with 
access to important driver safety data. Since 2009, over 2.5 million driver records have been accessed 
through a secure online service that costs DOT nothing to build, operate or maintain. It may be possible to 
apply this model across other federal government agencies. 

Similarly, the “share-in-savings” model has the contractor pay for the capital costs of things like energy 
efficiency projects. After negotiating a baseline, the contractor recoups its investments by sharing in the 
savings attributable to the reduced energy consumed. Not only does this reduce capital outlays otherwise 
borne by the taxpayer, it shifts the risk of project failure to the contractor. 


7 



Congress has granted certain agencies specific authorities to develop similar public-private partnerships 
and these should be expanded. The Committee should consider whether to encourage wider use by 
eliminating hurdles such as cost scoring and budget treatment of such collaborations, 

7. Need for Leadership at the Departments and Agencies 

The CIO is the person in the C-Suite who should have the capacity to translate technology issues into 
business-speak for the other business leaders. The CIO position is currently under scrutiny as the 
original purpose of the position is not necessarily working as envisioned both in private sector and 
government. Whether this person is the CIO or the Chief Risk Officer, Chief Innovation Officer, Chief 
Strategist, or some other “chief,” it is necessary to have a leader who can speak to senior executives in 
terms that are relevant to them, and can state the potential consequences in terms of political and policy 
values (e.g., public opinion, impact on promised level of service, unfavorable news stories, decline in 
earnings per share, etc.). Right now, the CIO is in the unique position to ensure that this happens and 
needs to provide the leadership in order to avoid the mistakes of the pa.st. 

Overall federal CIOs and commercial CIOs are similar — with the same job description: to be the 
technology savvy member of the executive team, to provide value through innovation, to manage data 
as a strategic asset, and to lead a team of technologists and enables organizational greatness. 

There is a widespread perception that the government is inherently incompetent at implementing IT 
systems - not just because of the recent high-profile failure, but because that follows a string of high 
profile failures. How'ever, I’ve also seen lots of IT projects that were tremendously successful - that 
delivered on time and within budget - that are helping the .American Government to serve the American 
people, and that did not get newspaper stories written about them. So rather than trying to prevent 
failure, we should promote success by implementing best practices, assigning qualified program 
managers, and monitoring with accurate metrics. I f is a neutral enabler for program delivery. Good 
management is nonpartisan, and can support all policies. 

Thank you for this opportunity to testify today. I look forward to answering the Committee’s questions. 



107 


The “7-S for Success” Framework: 


Manasin^ Uv and Out 

1 . Stakeholder Commitment and Collaborative 
Governance 

2 Skilled Program Manager and Team 

3. Systematic Program Reviews 
Manasin2 Across and Down 

4. Shared Technology and Business 
Architecture 

5. Strategic, Modular, and Outcomes-Focused 
Acquisition Strategy 


6. Software Development that is Agile 

7. Security and Performance Testing 
Throughout 



108 


Common IT Investment Acquisition Critical Success 
Factors 

1 Program officials were actively engaged with 
stakeholders 

2 Program staff had the necessary knowledge and skills 


3 Senior department and agency executives supported 
the programs 

4 End users and stakeholders were involved in the 
development of requirements 

5 End users participated in testing of system functionality 
prior to formal end user acceptance testing 

6 Government and contractor staff were consistent and 
stable 

7 Program staff prioritized requirements 


8 Program officials maintained regular communication 
with the prime contractor 

9 Programs received sufficient funding 


Source: GAO analysis of agency data. 






109 



Billions Wasted Buying 
Federal Contputer Systems 


investigative Report of 

Senator William S. Cohen 

October 12, 1994 


Si \\ op’p’illoe on Overs»jj!il of Gowoinment Mfinci'i' "■ n' 
Si niilp Governnienlol Connt’it'on 




110 






Ill 


Post-Hearing Questions for the Record 
Submitted to The Honorable Daniel Tangherlini 
From Senator Tom Coburn 

“Identifying Critical Factors for Success in Information Technologj' Acquisitions” 

May 8, 2014 

1) Arc the Information Technologj' Dashboard ratings for all of GSA’s investment 
complete and accurate? 

GSA Response: 

I'hc rr Dashboard ratings for all of GSA's investments are complete and accurate as of 
April 24. 2014. 1 he next Chief Inrormation Officer rating is scheduled to be updated in 
,lune. 

2) One of the TechStat reviews that the Office of Management and Budget conducted 
last year was on GSA’s Integrated Award Environment. 

a. What specific information was provided to OMB to facilitate this review? 

GSA Response: 

On May 23, 2013, the Office of Management and Budget (OMB) held a fechStat 
session with GSA to address concerns following the launch of the System for Award 
Management in .luly 2012, as well as a technically and fiscally sound path forward for 
the operation and enhancement of the Integrated Award Environment’s systems (see 
chart below). 

SA.M 3-Core API; Extracting common requirements from existing SAM 



Legacy SAM Ssrvkss/FunGttons 


b. Who participated in the TechStat? 
GSA Resnonse: 


1 


112 


The following officials participated in the TechStat session (The titles are appropriate 
to May 23, 2013): 

• Mr. Daniel Tanghcrlini, GSA Administrator 

• Mr, Thomas Sharpe, GSA FAS Commissioner 

• Mr. Sonny Hashmi, GSA Deputy CIO 

• Ms. Amanda Fredriksen, Acting FAS Assistant Commissioner, Integrated 
Award Environment, 

• Mr. Joseph Jordan, Administrator, Office of Federal Procurement Policy, 
0MB 

• Mr. Steven VanRoekel, Acting Deputy Director for Management, Federal 
Chief Information Officer, OMB 

c. What were the results of the TcchStat, including any specific decisions, or 
action items? 


GSA Response: 

The results of the May 23, 2013, TechStat session were that: 

1 . OMB concurred with GSA's approach of a "three-core .API" model that 
will be developed in a modular fashion; 

2. GSA developed a project plan, acquisition strategy, and an approach to 
developing requirements. 

3. OMB and GSA agreed on the need to stabilize leadership for the 
program and move quickly to develop and execute the operational plans 
needed for SAM.” 


Below is the overarching project plan provided: 

3 lAE Transformajtion Stages^ _ 


.1 I 1 


it ‘ j 1 ’ 
A'"Hv 


■o-f i 


Target State: 

• Identity & Access 
Managornont (ISAM) as 
a Service 

• Initial Application 
Pfogramming 
Interfaces (API) tiuitl 

• Common Services 
(ISAM, cloud liO'iting, 
data warehouse 
reporting & extracts, 
search) 

• SAM refocused 


Target State: 

• FBO functions 
moved to Pre-Award 
Core 

• New Entity 
Managc'inent Coro fOC 

• eSRS, rSRS. FBO 
dccommissionctt 

• Legacy SAM 
Infrastructure 
decommissioned 

• Capabilities added 
to Common Services 


Target State; 

•WOOL functions 
moved to Pre-Award 
Core 

• Post Award Coro 
deployed 

• Additional 
capabilities with 
Common Services 
including improved 
Data Warehouse 

•WOOL and FPDS- 
NG decommissioned 


Target State: 

♦CFDA functions 
moved to Pfc-Award 
Coro 

• Data Warehouse 
updated 

• All legacy systems 
decommissioned 


3) You’ve talked about the 18F initiative as an innovative way to start to change the 
way the federal government approaches information technology projects. 


2 



113 


a. Besides using the Presidential Innovation Fellows, what specific positions, 
including job scries and salary levels, will be utilized to staff this effort? 

GSA Response: 

18F has leveraged an "Innovation Specialist" job title at the GS 13, 14, and 15 Levels. 
Positions include, but are not limited to, designers, developers, product managers, and 
user experience (UX) professionals. The corresponding occupational series is 0301. 

b. How is able to hire the talent you need, given that so many agencies say they 
can’t hire adequate information technology-related staff? 

GSA Response: 

To date, the 1 8F program has used standard pay schedules and existing hiring 
authorities to build the team. GSA feels that an attractive mission and work that is 
highly valued across the organization can be an excellent recruiting tool for talent. 

GSA has worked to improve the time to hire for the 1 8F organization as long hiring 
times dissuade many highly qualified candidates from taking positions in both the 
private and public sector. Technical talent does not stay on the market long. 

c. What specific hiring authorities is GSA able to utilize to get the staff it 
needs? 

GS.A Response: 

GSA utilizes numerous existing hiring mechanisms to provide its programs with the 
staff that it needs. Primarily the hiring is done through Schedule A fellowship 
authorities. 

d. How many agency “clients” have signed on to this initiative at this point, and 
what projects will you work on with them? 

GSA Response: 

Currently. 16 agencies have made serious inquiries with 1 8F on projects that would 
benefit from the partnership. 8 of those agencies have either signed, or are in the 
process of signing, an interagency agreement. 18F is in various stages ofbusiness 
development on 24 projects across those agencies. 

4) Besides the 18F initiative, what kind of expertise docs GSA hax'c in house to help 
agencies develop information technology requirements better, not Just to contract 
for them? 

GSA Response: 

GSA partners with agencies in numerous ways to help Government develop better 
requirements. We form agency working groups in each of our technology program 
areas. Working group membership typically consists of 8 to 15 agencies often 


3 



114 


represented by acquisition, program, and technical staff. This group provides an ongoing 
forum for agencies to discuss needs, challenges, best practices, and lessons learned and 
around a specific type of IT/telecom. For instance, ITS has hosted or currently hosts 
agency working groups for cloud, satellite, wireless, telecom, mobility, software, identity 
management, and security. Wc also work closely with technology-focused industry 
associations in our research and planning and these discussions often include customer 
agency participation. These teams not only help GSA develop new government wide 
solutions but serve as a way for agency staff to receive input from industry experts. 

In addition, FAS offers training on requirements development using our contracts, we 
offer scope reviews, templates and technical expertise. If an agency needs more 
comprehensive support, the Assisted Acquisition Services (AAS) organization provides 
expertise to help agencies through value-added, customized, acquisition project 
management, and financial management services for large and/or complex Information 
Technology and Professional Services solutions. 

5) What steps need to be taken to improve the capabilities of the Integrated 
Technology Service specifically? 

GS.A Resnonse: 

The Interagency Strategic Sourcing Leadership Council chaired by 0MB has recently 
designated the GSA as the manager for the pilot information technology category under 
the new GSA category management approach. GSA is working with OMB to further 
define the specific role of the category manager but anticipates GSA as the category 
manager will work to reduce duplication in Federal IT contracts; provide analysis and 
advice with respect to smarter ways to buy IT; gather and analyze data on IT spending; 
and lead collaborative efforts across agencies to leverage the Federal government’s 
buying power in IT through ; standardizing terms and conditions across contracts for like 
items; providing a source of data and analysis on prices paid and spend, reducing total 
cost of ownership; and leading collaborative efforts across agencies who may be 
managing subcategories and/or conducting acquisitions for specific kinds of information 
technology. 

Agencies are asking for more technical expertise to help them improve how they buy and 
implement If. Emerging technologies such as cloud, mobile, and complex topics such as 
security and telecommunications are examples where agencies are asking for more 
help. As we develop the technical expertise we can also do more to help train agency 
staff in these areas. 

Meanwhile, GSA is working to develop a common acquisition platform that is intended 
to be a critical resource for Federal buyers. It will contain a variety oi tools and 
capabilities including governmentwide information and data on acquisition vehicles to 
help agencies make better buying decisions, provide access to market-specific (e.g., 
software, hardware, and telecommunications) intelligence, and prices paid. 


4 



115 


In addition to the governmentwide category manager role described above, GSA is also 
making internal shifts to a category management focus. For ITS, this means creating a 
strategy and organizing principle around IT markets. This will enable ITS to develop 
greater subject matter expertise in technology and serve as subject matter and acquisition 
experts to customers; increase transparency and provide Federal buyers access to 
purchase and pricing data; building data analysis capabilities for more enhanced decision 
making; and generate strategies that guide contract development using market drivers and 
savings levers. 


5 



116 


Post-Hearing Questions for the Record 
Submitted to Steven VanRoekel 
From Senator Tom Coburn 

“Identifying Critical Factors for Success in Information Technology 

Acquisitions” 

May 8, 2014 


t. In your view, what are ten highest risk information technology (IT) investments 
across federal agencies at present, and why? 

We are continuing work to identify the highest impact IT programs in the Federal 
Government. A program can be called high impact if it is critical to an agency's mission, 
is a Federal shared service or has national security impacts. Programs can also be defined 
as high impact if they are citizen-facing and have a broad public impact, such as SSA’s 
IT services modernization, which is working to bring more citizen facing services online 
or the IT systems that support Federal student aid and the census. Each one has varying 
degrees of risk, thus the Office of Management and Budget (0MB) would not label these 
as high-risk programs. Instead, recognizing that they are high-impact is important 
because it is crucial that 0MB and the agency with the IT program work collaboratively 
and engage proactively so that there is accountability, the proper governance is in place, 
and the agency is responsive to and delivering results to their customers. 

a. What steps are the Office of Management and Budget (OMB) taking, in 
con junction with the respective agencies, to help mitigate those risks? 

The agencies running high impact IT programs have the primary responsibility for 
identifying and mitigating any associated risks. OMB’s role includes oversight 
(such as using our convening power to connect agencies with best practices) 
reflecting program needs accurately in the President's Budget, and understanding 
the various policy frameworks around these investments to help agencies deliver 
functionality on time, on budget, and meeting expected needs. 

OMB meets regularly with the agencies running these investments and looks for 
evidence that they are implementing the fundamentals of effective IT program 
management. To do so, OMB asks questions, such as: 

• Is the agency getting feedback from the customers frequently? 

• Does the agency have skilled people managing the program and are those 
people empowered to make decisions? 

• Is the agency delivering small capabilities frequently or are they building 
larger systems? 

• Does the agency have security testing early in the development process? 

• Is the data open and available to people in the organization or the public? 



117 


By working through these and other questions OMB is giving feedback to 
agencies about how they plan, develop, and maintain their I F programs and what 
we have seen that was successful at other agencies. 

As mentioned in my testimony, OMB is also establishing a centralized digital 
services capability w'hich will work with agencies on these high-impact IT 
programs. The team w'ill consist of experts in a number of IT disciplines and will 
help agencies identify ways to design and deploy citizen-facing services. 

2. The Chief Information Officer (CIO) ratings on the IT Dashboard show that there 
are only 42 high-risk major IT projects, out of a total of 760 major projects. Is that 
number accurate in reflecting the number of high risk investments? 

The CIO rating is one indicator among many used to determine the state of an IT 
investment. There are many measurable indicators that help OMB and the agencies to 
gauge the health of an IT investment. The CIO rating is one, budget and schedule 
performance are others, customer satisfaction is yet another, and so on. 

The IT Dashboard currently has 759 major investments. OMB proactively engages the 
agencies managing the highest impact programs so that we can work with them tow'ard 
successful delivery. We want to work w'ith agencies up front so that inve.stments do not 
have unanticipated challenges which impact delivery, as it requires more effort and 
funding to remediate a program that is offtrack than it does to keep one on track. The 
intent is that agencies will icarn from this engagement and apply the strategies and 
techniques that we use on these high-impact programs to a wider variety of programs 
throughout their organizations. More broadly, OMB will work with agencies in 
PortfolioSlat to ensure that they are running the overall IT program well. 


3. GAO has reported that several agencies misclassify IT projects as ‘facilities’ or 
other non-IT investments, thus avoiding having them listed on the IT Dashboard. 
For example, the Department of Commerce and the Department of Energy removed 
their satellite and supercomputer investments, respectively, from the Dashboard by 
reclassifying them as non-IT. Please explain w hy satellites and supercomputers 
should not be counted and reported as IT investments on the Dashboard. 

The PortfolioSlat Integrated Data Collection Common Definitions, available to all 
agencies, lists the following definition for ff: - 

This term refers to any equipment or interconnected system or subsystem of equipment 
that is used in the automatic acquisition, storage, manipulation, management, movement, 
control, display, switching, interchange, transmission, or reception of data or information 
by an executive agency. IT is related to the terms capita! asset, IT investment, program, 
project, sub-project, service, and system. It also includes computers, ancillary equipment 
(including imaging peripherals, input, output, and storage devices necessary for security 
and surveillance), peripheral equipment designed to be controlled by the central 
processing unit of a computer, software, firmw'are and similar procedures, services 



118 


(including support services), and related resources; but does not include any equipment 
acquired by a Federal contractor incidental to a Federal contract (40 USC 11101 ); 
however OMB policy includes in this supercomputers, software for mission systems, 
telecommunications, and satellite signal processing. OMB recently re-clarified this 
subsequent to the issuance of the GAO Report to clear up any remaining ambiguity 
across the USG. 

4. The IT Dashboard lists 42 high-risk major information technology projects. Yet, 
GAO reports that there were only 2 OMB-led TechStat review' sessions in 2013. 

a. Have the agencies done their own TechStats for each of the 42 high-risk 
projects on the Dashboard? If so, w hen were the most recent TechStats 
completed for each? 

As part of OMB's 25 Point Plan to Improve Federal I f* , a template (known as 
the TechStat toolkit) was created as a way to transition TechStats to agencies. 

The agencies themselves are much closer to the actual performance of the 
investments and are better equipped to rapidly take decisive action if necessary. 

b. What specific information do the agencies provide to OMB w hen they 
conduct TechStats? 

After an agency performs a TechStat, they provide OMB w'ith the investment title, 
the date the TechStat was held, the reason for the TechStat, and the primary and 
secondary outcomes. 

c. What responses or direction does OMB provide to the agencies in response to 
the TechStat findings? Please provide examples. 

The outcome of 'fechStat reviews is one of the aspects of performance considered 
during PortfolioStat sessions. OMB considers the number of TechStat sessions 
held given the number of major investments, the outcomes oftho.se .sessions and 
how the internal TechStat processes relate to the Investment Review Board (IRB). 
One way that OMB monitors the use ofagencies TechStat processes is through 
PortfolioStat. In this year’s PortfolioStat session with ERA. for example, OMB is 
highlighting that EPA has not held a TechStat since May 2012 and recommending 
that EPA should engage struggling projects to identify root problems and 
implement corrective actions. 

5. OMB’s February 2014 Integrated, Efficient, and Effective Uses of Information 
Technology (lEEUIT) report identified $312 million in data center cost savings and 
avoidances for FY 2012 and FY 2013. For that same period, agencies reported to 
GAO cost savings and avoidances totaling SI. I billion. 


https://cio.gov/\vp-contenl/'uploi\d.s/down!oads/20i2/09/25-Point-!mplementation-Plan-to-Reform"Federal-IT.pdf 



119 


a. What accounts for the discrepancy? 

0MB is unable to confirm or validate information provided by agencies to GAO. 
Our understanding is that the information provided to GAO by agencies includes 
dated information about planned savings estimates generated at varying points in 
the past. GAO engagements on data center consolidation, past and present, occur 
in between agency reporting cycles to OMB and therefore information contained 
within is only a “point in time” measure. OMB has stated that data center 
optimization and consolidation, the supporting elements, inventorying agency data 
center assets, and requiring data center consolidation to be a part of agency 
information Resources Management (IRM) Strategic plans and agency enterprise 
roadmaps, working with agency components and bureaus to optimize and 
consolidate their data centers consistent PortfolioStat and the FDCCI key 
performance indicators, is an ongoing, iterative process. OMB works continuously 
with agencies to gather the most up-to-date information regarding cost savings and 
avoidances for data center consolidation, as well as other Federal IT Reforms, to 
report that information in the quarterly Portfolio integrated Data Collection (IDC). 
OMB then works to validate that information with agencies and validated 
information is reported quarterly to Congress via the Information Technology 
Oversight & Reform (ITOR) Report. 

b. What incentives do agencies need to fully report cost savings and avoidances 
to OMB? 

Agencies have not reported any need for additional reporting incentives. In fact, 
OMB has been collecting figures on cost savings and cost avoidance from agencies 
quarterly as part of the PortfolioStat Integrated Data Collection. 

6. GAO has identified the following open recommendations from recent reports on 
federal information technology management. For each of the recommendations 
listed below, please indicate whether OMB plans to implement the recommendation 
and the date by which the required actions will be completed. If OMB does not plan 
to implement the recommendation, please indicate the reason why. 

a. Information Technology Dashboard: 

That OMB make accessible regularly updated portions of the public version 
of the Dashboard (such as CIO ratings) independent of the annual budget 
process. 

That OMB analyze agency trends reflected in Dashboard CIO ratings, and 
present the results of this analysis with the President’s annual budget 
submission. 

OMB agrees with these recommendations and is working to develop increased 
capabilities within the IT Dashboard. These capabilities will likely affect how 
agency IT performance is measured and managed and will provide a new level of 



120 


transparency. The modular approach to develop and deliver these capabilities is 
already underway. 

b. TechStats: 

That OMB require agencies to conduct TcchStats for each IT investment 
rated with a moderately high- or high-risk CIO rating on the IT Dashboard, 
unless there is a clear reason for not doing so. 

OMB works on a continual basis with agencies to conduct TechStats, be they led 
by the agency or by OMB itself. Additionally, as part of the Smarter IT Delivery 
Initiative, OMB is reshaping the delivery of information technology already 
underw ay, as well as introducing new approaches and tools to transform the 
Government IT landscape. To do this, we are focused on a three-part agenda 
focused on providing the Federal Government with: (1) the best talent working 
inside Government; (2) the best companies working with Government; and, (3) 
the best processes in place. 

As part of the last pillar, OMB has evolved PortfolioStat in FY 2014 to not only 
include driving efficiencies by measuring progress on strengthening IT portfolio 
management and consolidating commodity IT through the analysis of the IT key 
performance indicators, but PortfolioStat will also focus on IT effectiveness by 
identifying and assessing high impact investments. In doing so, PortfolioStat will 
drive progres.s on the President's Management Agenda by focusing on having 
critical IT investments deliver their intended impact w'hile meeting customer 
needs. 

This blended approach applies lessons learned from the TeehStat model, which is 
largely reactive, and applies it in a proactive lens such that the Federal 
Government deliver important IT investments on cost and on time, with the 
intended functionality that the customer needs and e,\pects. 

That OMB require agencies to report to OMB on efforts to validate the 
outcomes, cost savings, and cost avoidances resulting from TeehStat ,session.s; 
this information should be summarized when OMB reports on government- 
wide outcomes. 

Where relevant, cost savings from TechStats outcomes are reported to OMB by 
agencies quarterly via the PortfolioStat Integrated Data Collection (IOC). OMB 
then W'Orks to validate that information with agencies and validated information is 
reported quarterly to Congress on a quarterly basis via the Information 
Technology Oversight & Reform (ITOR)* Report. 


’ Previously known as the 1EF,UIT Report. 



121 


c. Data Centers 

That OMB ensure that all future revisions to the guidance on data center 
consolidation inventories and plans are defined in OMB memorandum and 
posted to the FDCCI public website in a manner consistent with the guidance 
published in 2010. 

All material related to the FDCCI is available at 

cerilcr-consolidaiioii'. 

That OMB track and annually report on key data center consolidation 
performance measures, such as the size of data centers being closed and cost 
savings to date. 

The size of data centers being closed is available on Data.gov at: 

lni[y,:te\pl(ue.data.gov d-edcral-GovcrniTieiit -l-'inaiices-aiid-FiTiploymciiiTedcral:: 

r)ni,i-Cciilcr-(~onsolida tion-lniliative-i'D('CI /d5mii-4c-t7. 

Cost savings from data center consolidation, as w'ell activities related to data 
center consolidation (for example work to optimize servers, networks, or storage) 
via PortfolioStat. are reported to OMB by agencies quarterly via the PortfolioStat 
Integrated Data Collection (IDC). OMB then works to validate that information 
with agencies and validated information is reported quarterly to Congress on a 
quarterly basis via the Information Technology Oversight & Reform (ITOR) 
Report. 

d. PortfolioStat 

That OMB require that agencies (t) state what actions have been taken to 
ensure the completeness of their commodity IT baseline information and (2) 
identify any limitation with this information as part of integrated data 
collection quarterly reporting. 

OMB acknow'ledges the value in ensuring the completeness, and in understanding 
the limitations of agcncy-produccd artifacts. However, given the scope oi agency 
data submitted to OMB, OMB must therefore depend on agency processes to 
produce quality and complete information, it is important to note that the 
commodity IT baseline was simply one component of the FY 20 1 2 PortfolioStat 
process, and OMB must prioritize when verifying agency information. OMB will 
continue to dedicate resources to validating agency savings associated with 
Federal IT reform efforts prior to presenting these savings to Congress, These 
reported savings include commodity IT consolidation, I his savings data is 
reported to OMB quarterly through the integrated data collection and agencie.s 
.should include any possible lirnitation,s to its completeness or accuracy in the 
savings description at time of submission. However, OMB encourages agencies 
to only report finalized cost savings and avoidance decisions. Where there are 



122 


any discrepancies or questions regarding the reported savings, 0MB follows up 
directly with the agency. 


Moreover, 0MB recognizes that limitations are inherent in all self-reported data. 
In order to address this issue, last year OMB modified its analytical process to cite 
these limitations in its PortfolioStat reports. This year, we have further refined our 
processes to include data quality reports on all data used in the PortfolioStat 
sessions and by documenting our methodology in all reports and related material 
given to agencies as part of PortfolioStat. 

That OMB improve the transparency of and accountability for PortfolioStat 
by publicly disclosing planned and actual data consolidation efforts and 
related cost savings by agency. 

When PortfolioStat savings are identified, they are validated with agencies and 
OMB then reports these savings to Congress through the quarteriy report on the 
Information Technology Oversight and Reform (ITOR) fund. OMB is currentiy 
working with agencies through the Federal CIO Council on releasing all KPI 
metrics used in PortfolioStat in FY 2014 as well as the FDCCI optimization KPls 
and savings futures that OMB provides in the ITOR report to Congress. 


7. Has OMB ever withheld funding from new programs that aren’t adequately 
implementing incremental development? Please provide specific examples. 

Incremental development practices, which are broadly part of agency software 
development lifecycle approaches, are one of many components of agency IT budgets 
which OMB evaluates each year. Budget decisions around IT take into account their 
incremental development practices as well as a suite of other things agencies need to do 
in order to deliver capabilities and .services to their customers. More importantly, 
incremental is only one of many software development methodologies. And while recent 
best practices have shown the value that agile and incremental approaches can bring to 
delivering a solid product and mitigating risk, the efforts to evolve agency teams, and 
respective contracts, skilisets and cultures to this approach is a multi-year journey which 
will evolve over time. 

8. Microsoft stopped providing patches for Windows XP in April. Yet, many federal 
computers continue to run Windows XP, and may do so for some time. 

a. Docs OMB maintain an awareness of where agencies are in phasing out 
Windows XP? 

The role of OMB in this area is to set government-wide Federal IT policy, 
monitor Federal IT budgets, and help coordinate cybersecurity efforts. Each 
Federal agency CIO is responsible for making sure the breadth of their systems, 
devices and solutions are up to date and secure, and meet government-wide 
guidelines. We have been fully aware of the Windows XP issue and have been 
working wdth agencies to address it, including updating government-wide 



123 


guidance in 201 3 to remind agencies focused on migrating away from 
unsupported or outdated systems. From our dialogues with agencies, including 
discussions at Federal CIO Council meetings, we have received no indication that 
agencies require any additional OMB intervention at this time, as they are already 
working and making progress on addressing the matter. Also, an aspect of the 
DHS Continuous Diagnostics and jVIitigation program is the ability to provide 
visibility into each agency's performance with respect to legacy operating 
systems. 

b. What is the status of each agency, and can that be shared with the 
Committee? 

Agencies have made significant progress in moving off Windows XP and the 
Federal Government is ahead of the private sector in this regard. There are cases 
w'here agencies have made a risk-based decision to continue operating XP, and 
have put in place contingency plans to ensure that the risks associated with 
maintaining XP are mitigated. 

c. Last week researchers revealed an exploit that targeted Internet Explorer. 
What role did OMB play in federal agencies’ reactions to that vulnerability? 

When vulnerabilities are discovered, the U.S. -Computer Emergency Readiness 
Team (CERT) issues an alert to all agencies of the risk and the amount of time an 
agency should plan in order to test and deploy a change to avoid or mitigate the 
risk. OMB monitors the agencies when necessary through oversight initiatives 
such as PoitfolioStat and CyberStat. When issues are identified with an agency, 
OMB conducts a dedicated review with the agency in conjunction with DHS to 
identify and establi.sh remediation plans. 

d. The U.S. Computer Emergency Readiness Team (US-CERT) recommended 
users stop using Internet Explorer until it was patched. Did federal agencies 
follow this advice? How? 

Each agency must consider the risk posed by the software it uses within its 
organization and make a decision. Consistent with the Federal Information 
Security Management Act (FISMA), agencies follow the National Institute of 
Standards and Technology’s Risk Management Framework (RMF)’ to secure 
Federal systems and data. The RMF instructs agencies to take a comprehensive 
approach, considering a multitude of factors, including, patch management. Thus, 
the decision about what software to use within an agency is made by the agency 
itself. While DHS and OMB may provide guidance, agencies are required to make 
risk-based decisions, and as long as they are aware of the risks imposed, they can 
make a decision that meets the agency’s needs. 


’ http://csrc.tiist.gov./publications/nistpubs/800-37-revl/sp800-37-revl-final.pdf 



124 


e. I understand the Infernal Revenue Service and possibly other agencies have 
made financial arrangements with Microsoft to continue to receive patches 
and updates for XP. How much overall are federal agencies spending to 
maintain support of this obsolete operating system? 

OMB does not possess nor has it collected this data. 



125 


Post-Hearing Questions for the Record 
Submitted to Steven L. VanRoekel 
From Senator Claire McCaskill 

“Identifying Critical Factors for Success in Information Technology 

Acquisition” 

May 8, 2014 

You talked at the hearing about moving federal IT procurement to small, continuous 
system updates rather than large, systemic overhauls. You made the analogy that, ever)- 
time someone signs on to Facebook or Amazon, that person is likely looking at a new 
version of the website even if the person does not realize it. But Facebook and Amazon 
originally set up systems that were far more advanced than many of the federal 
government’s legacy IT systems, and therefore easier to update. In some cases the federal 
government is still looking for an IT solution to a paper-based system like the Office of 
Personnel Management’s (OPM) federal retiree benefit system. 

1) How do you put the government in a position to make those smaller continuous 
updates when we’ve already fallen so far behind, or, in many cases, have not even 
transitioned to IT-based solutions’.’ 

Federal agencies have traditionally taken a multi-year “grand design” approach for 
developing, modernizing, and enhancing investments in IT, This approach is grounded in 
the common notion that responsible development necessitates a full detailing of 
requirements before work can start. Although a seemingly reasonable assumption, 
practical evidence and private sector experience has shown that large and complex IT 
implementations often encounter cost and schedule overruns, as the painstaking process 
of requirements gathering too frequently takes years to complete. Subsequently, agencies 
lose visibility into the performance of these multi-year IT development inve.stments, 
which alTects their ability to implement corrective actions that reduce risk or mitigate 
financial exposure. The government increases inve.stment risk in these situations because: 
(1) the rr solutions that had once addressed agency requirements may no longer be 
pertinent or a priority; (2) substantial funds are allocated towards outdated solutions 
without any returns on the investments; or (3) agencies encounter budgetary constraints 
before substantive work is completed. 

To help resolve these issues, we released modular develoinncnl and conlraciiiic uiiiduncc^ 
to improve the development of solutions that can be defined, developed, and deployed 
within months instead of several years. 

In the future, we will also be releasing a “Digital Services Playbook” to share best 
practices for effective IT service delivery in government. This playbook will build on 


4 

This guidance is available ai http://wvvw.whitehouse.gov/sites./defaull/files/bmb/procuremenTguidance/modular- 
approaches-for-inforrnation-lechnology.pdf 



126 


successes both within and outside government and will guide both technical and business 
owners within agencies. It will include best practices for building modern solutions 
across the implementation of the technology, how to measure customer input and manage 
customer expectations, and how to share solutions across government. 

2) Are you aware of any plans by OPM to attempt another transition from its paper- 
based process for federal retiree benefits to an IT solution? If so, do you know 
where OPM in the process? Do you believe that this is something that can be done 
in smaller pieces to make it more manageable? Is OMB involved in the procurement 
process at all? 

The Office of Personnel Management (OPM) recognizes the need for urgent action to 
reduce the retirement backlog and has made substantial progress. As of May 20 1 4. 
OPM's claims have fallen to below 15,000 — dowm from 44,679. as reported in ,iuly of 
20 1 2'\ This backlog reduction was accomplished through: 

• Human capital realignment (adding staff, examining work distribution and 
utilizing existing staff with greater efficiency); 

• Process improvements (improving metrics to better capture production efforts, 
creating performance incentives and employing mitigation strategies for poor 
performance); 

• Partnering with agencies (training agencies in efficient file preparation and 
improving communication through liaison relationships); and 

• IT improvements (leveraging automation including: empowering retirees to 
manage their accounts online and automating data collection from payroll 
providers). 


The overarching goal was to shift OPM's efforts away from "paper-pushing” and focus 
on efficient, timely customer service, aided by automation. As stated in the hearing, 

OPM is working to put a case management system online by the end of fiscal year 2015. 
Where possible, OMB supported OPM is this effort by providing information drawn from 
cross-government and industry best-practices. OMB will continue to support OPM until 
the backlog is effectively eliminated. 

3) Who generally manages major IT acquisition programs? Arc they run by the 
manager in charge of the program or someone with IT expertise? 

.‘\ll major iT acquisition programs fall under OMB's IT budget guidance requirements for 
major IT investments (see i 'V 2016 I f Btiduet - Ca pital Plai mina (iuidanccy'. Included 
in this guidance are the Major IT Business Case and Major !T Business Case Details, 


^ Sciurce; K.h ,•> i 
The guidance is avaiiabie for download at 

htlp://www,vvhitehoiise.gov/sites.'defaiill/ri!es.iomb./assets/'egov_docs/fy_20l6_giiidance 0627201 4, pdf 



127 


which are documents intended to provide the budgetary and management information 
necessary for sound management and governance of IT investments. These documents 
require agencies to impiement IT reforms such as the requirement to establish in 
Integrated Program/Project Team (IPT) prior to funding an IT investment. The IPT 
requires a full-time prograni/project manager and an IT acquisition specialist to be in 
place for all major IT acquisition programs. The purpose of this requirement is to help 
those who manage major IT acquisition programs understand the business requirements 
as well as the technical requirements. 

To help strengthen the skills and development of Federal program/project managers, the 
Federal Acquisition Certification (FAC) for project/program managers was issued in 
.April 2007. This program requires appropriate certification for all acquisition 
program/project managers, specifies training requirements, and outlines the level of 
experience required of senior-level program/project managers. Revisions to the Iwckyrii] 
c’ryjicjui.qjll, which were issued in December 20 1 3 and became effective 
March 3 1 . 20 1 4. update the certification program to allow for better management of high- 
risk programs and added a core-plus specialization certification in the area of IT. This 
Infonuation IcchnolouN Core-Plus Competency Model identifies the minimum 
competencies required to specialize as a federally certified program/project manager 
performing acquisition of IT capital assets. The specialization is based on the technical 
competencies identified in the 2210 series (.jo!Tgiyylenc\_M!Mc!J^i^^^^^^ 

M-atiaSsTliynji ons of the initiatives from the 23 Poiiil Impleineiitatioii Plan to Reform 
l ederal liiliirmalioii Technology Mana gement'. 

4) Is there a mechanism to ensure that someone with know ledge of IT systems is 
assisting in drafting the requirements and involved in the test and evaluation 
phases? If not, how can we ensure that requirements for a procurement and 
management of the procurement involve personnel that actually understand the 
technology that w'e arc seeking to procure? 

The successful delivery of IT programs requires business process owners who have a 
clear vision of the problem they are solving, IT professionals who understand the full 
range of technical solutions, and acquisition professionals who plan and procure the 
needed labor and materials. 

To ensure that teams with the appropriate expertise are involved in procuring IT systems, 
OVIB issued guidance requiring an Integrated Program/Project Team led by a dedicated, 
full-time program manager and supported by an IT acquisition specialist, to be in place 
for all major I f programs. To fulfill this requirement, agencies have been mandated to 


Memo available at http://w\vvv.\vhitehouse.gov/sites/defau!t/fiies/omb/procurement/memo/fac-ppm-revised-dee- 
2013.pdf 

.Available at http:ywvvw.chcoc.govvtransmittals/TransmittalDetails.aspx?Transmittal!D=40.S8 


The plan is available at lutps://cio.gov/wp-content/uploads/downloads/20l2/09/35'Point-Jmplenientation-Plan-to- 
Reform-Federai-lT.pdf 



128 


provide the names and contact information for Integrated Program Teams members for 
all major FI' investments as part of its O.MB Circular A-l 1 Majo r IT Business Casc^*' 
(formerly Exhibit 300) submissions since FY 2013. The Integrated Project/Program 
teams should consist of an IT Project or Program Manager (PM), business process 
ovvner/SubJect Matter Expert (SME), Contracting Specialist, IT Specialist and IT Security 
Specialist. 

5) How do you ensure that this is a priority for agencies, and that agencies continue to 
fund .small scale IT updates even though the benefits are hard to measure and 
demonstrate? 

As part of the annual budget process, OMB works with agencies to assess how they plan, 
acquire, architect, build, develop and operate IT systems, including "small scale” IT 
updates. In recent years, OMB has issued annual guidance which requires the delivery of 
IT functionality at intervals no more than six months", which enables the proper 
discussion over the benefits of planned functionality and any associated return on 
investment. 

6) What can Congress do to focus senior executives on the ty pes of continuous IT 
updates so that we don't find ourselves in situations where large-scale overhaul 
projects become necessaiy ? Arc there incentives that can be put in place to ensure 
that this occurs? 

The most important thing is for both the Executive and Legislative Branches to 
acknowledge and amplify the importance of technology as a strategic asset to 
Government operations. In the past, an agency or institution could decide whether or not 
it wanted to use technology to create a capability. Today, the landscape has changed, and 
technology is the foundation for the vast majority of everything we do in the world. The 
rate of the change in technology, generally speaking, evolves more quickly than other 
fields. As a result, there is a constant and urgent need to get the best people, best 
companies and best processes (as our Smarter IT Delivery effort is doing) to design and 
deploy technology that is responsive to customer needs in Government. These things are 
needed in every agency, no matter the mission, no matter the program, no matter the size. 

That being said, there are some general tenets that senior executives can keep in mind as 
they work with their Department CIOs to avoid challenges with large-scale projects: 

Governance - As OMB M- 13-09 (EY 1 3 PortfolioStat) slates, "IT solutions are most 
effective when they result from a strong partnership between program and mission 
officials and empowered CIOs. Program and mission officials are responsible for 
understanding customer needs and establishing business requirements. Agency CIOs 
must support mission programs by providing secure and effective commodity IT and 


^ ' The Major IT Business Case guidance starts on page 21 ofthe FY 2016 Guidance available at 
http:/,'wwvv.whitehoiise.gov/sltes/default/llies/omb/assets/egov_docs/fy_2016_giiidance.pdf 

^ ^ http://vvwvv.whitehouse.gov/sites/defaulL‘Tiles/omb/assets/egov_docs/fy_20 1 6_guidance_062720 i T.pdf 



129 


business systems that take enterprise needs into account.” Further, PortfolioStat and 
TechStats have demonstrated challenges with large scale technology deployment that are 
rarely technology issues alone. In order for any technology deployment to work, there 
must be an integrated program team composed of technology, program and mission, 
acquisition, legal, regulatory (if necessary) and human capital offices which constantly 
work to ensure that the technology deployment is responsive to the intended customer 
and responsible to the interests of vested stakeholders. Agencies should seek to ensure 
their Department-level as well as bureau investment review boards include accountable 
officials across their agency in these roles, which review the cost, schedule, performance 
and effectiveness of the agency’s IT portfolio on a continual basis. 

Investment Focus ~ For too long, the Federal Government has viewed IT merely as a 
cost, not as a strategic asset. Further, budget processes have de-emphasized the role IT 
played, and looked to IT cuts as an easy way to reduce agency expenditures. But as the 
private-sector has demonstrated, and as we are beginning to do in government, the 
strategic use of IT provides a competitive advantage by improving delivery of services, 
creating value, and optimizing operations. The Federal Government must further its 
efforts in applying the same rigor to IT. This means developing and using valuation 
models that drive return-on-investment and applying accounting concepts like 
depreciation and amortization to inform and optimize technology refresh cycles. CIOs 
must be investment owners, empow'cred to make business-focused, value-based 
decisions. 

Innovate with Less - It is important we view' our current fiscal situation as an 
opportunity to fundamentally rethink how we approach technology. Consider, for 
example, the fact that more than half of the Fortune 500 companies were founded during 
an economic downturn,'* In tough times, visionaries and risk-takers tap into 
underutilized human capital, technology, information, and other resources, picking up the 
pieces to transform them into something completely new. By making use of lightweight, 
emerging technologies, opening our data to leverage an army of citizen developers, and 
adopting agile methodologies, we can increase the quality of service while curbing costs 
- in effect, we can innovate with less. 


'■ ]utp:,'/\v\v\v,econoinisi.convnode.''2 1542390 



130 


Post-Hearing Questions for the Record 
Submitted to David Powner 
From Senator Tom Coburn 

“Identifying Critical Factors for Success in Information Technology Acquisitions” 

May 8. 2014 

1 . GAO has recommended that the Office of Management and Budget (0MB) implement 
mandatory, standardized, initiative-wide cost-savings metrics for the Federal Data 
Center Consolidation Initiative (FDCCI), Does OMB’s FY 2014 PortfolioStat guidance 
(or any previous guidance) implement this recommendation? If not, has 0MB 
provided you with an explanation? 

OMB has not yet developed and implemented metrics to track and report on agencies’ 
progress in achieving cost savings, as we have previously recommended. OMB’s fiscal year 
2014 PortfolioStat guidance' contains a set of data center performance metrics, but these 
measures do not address savings. 

In 2013, we reported^ that OMB had not determined a consistent and repeatable method for 
tracking consolidation cost savings and subsequently recommended that it track and 
annually report on key data center consolidation performance measures, such as cost 
savings to date. OMB concurred with this recommendation. However, these new metrics, 
consistent with OMB’s fiscal year 2013 PortfolioStat guidance^ and statements from OMB 
staff from the Office of E-Government and Information Technology, focus on measuring data 
center optimization rather than consolidation savings. Specifically, OMB’s fiscal year 2013 
guidance states that, to more effectively measure the efficiency of an agency's data center 
assets, agencies would be measured by the extent to which their data centers are optimized 
for total cost of ownership by incorporating metrics for data center energy, facility, labor, 
storage, virtualization, and cost per operating system. 

While we have not yet discussed the May 2014 metrics with OMB, in 2013 OMB staff told us 
that while OMB recognized the importance of tracking cost savings and was working to 
identify a consistent and repeatable method for tracking cost savings, there was no time 
frame for when this would occur. We have ongoing work for this committee evaluating the 
extent to which agencies have achieved planned cost savings through their consolidation 
efforts and identifying agencies’ notable consolidation successes and challenges. We 
expect to issue our report this fall. 

2. GAO has repeatedly recommended that OMB clarify guidance on what projects 
should be included on the Information Technology Dashboard. Does OMB’s FY 2014 
PortfolioStat guidance (or any previous guidance) implement this recommendation? 
Please explain why clearer guidance is necessary. 


'OMB, Fiscal Year 2014 PortfolioStat. Memorandum M-14-08 (Washington, D.C.: May 7, 2014), 

^Data Center Consolidation: Strengthened Oversight Needed to Achieve Cost Savings Goal. GAO-1 3-378 
(Washington, D,C.; Apr. 23, 2013) 


'’OMB, Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management. Memorandum M- 
13-09 (Washington, D.C.: Mar, 27, 2013). 


1 



131 


OMB’s fiscal year 2014 PortfolioStat guidance" does not clarify what should be included on 
the IT Dashboard. The Dashboard serves an important role In allowing 0MB and other 
oversight bodies to hold agencies accountable for results and performance. For example, 
OMB uses CIO ratings from the Dashboard, among other sources, to select at-risk 
investments for reviews known as TechStats.^ However, while a May 2014 addendum to 
OMB’s fiscal year 2016 IT Budget Guidance® does note that OMB policy on IT includes 
“supercomputers, software for mission systems, telecommunications, and satellite signal 
processing,” a lack of transparent reporting by agencies increases the risk of OMB not being 
able to fulfill its oversight responsibilities. 

Through a series of reports on this subject, we have highlighted deficiencies with agencies’ 
identification of investments for inclusion on this important transparency tool. In September 
2011, we reviewed OMB’s guidance to agencies for reporting their IT investments and found 
that this guidance did not ensure complete reporting,' Specifically, we found that OMB’s 
definition of an IT investment was broad, and that the 10 agencies we evaluated differed on 
what systems they included as IT investments. Consequently, we recommended that OMB 
clarify its guidance on reporting IT investments to specify whether certain types of 
systems — such as space systems — were to be included. OMB did not agree that further 
efforts were needed to clarify reporting in regard to the types of systems. Two years later, in 
December 2013, we found that agencies had removed investments from the Dashboard by 
reclassifying their investments,® Specifically, the Department of Energy reclassified several 
of its supercomputer investments from IT to facilities and the Department of Commerce 
decided to similarly reclassify its satellite ground system investments. We noted that these 
recategorizations run contrary to the Clinger-Cohen Act of 1996,® but a staff member from 
the Office of E-Government slated that OMB could not stop agencies from making such 
recategorizations and that OMB had no control over such decisions. Among other things, we 
recommended that agencies appropriately categorize IT investments. OMB neither agreed 
nor disagreed with this recommendation. 

In the absence of clear guidance from OMB and absent oversight efforts to ensure that 
agencies are transparently reporting the performance of all their IT investments, there will 
continue to be a risk of Insufficient IT investment oversight, of agencies making inefficient 
and ineffective investment decisions, and of Congress and the public being misinformed 
regarding the performance of federal IT investments. 


"OMB, M-14-08, 

®TechStat sessions are face-io-face meetings to terminate, halt, or turnaround IT investments that are failing or are 
not producing results, 

®OMB, FYU IT Budget - Capital Planning Guidance (May 23, 2014), 

^GAO, Information Technology: OMB Needs to Improve Its Guidance on IT Investments, GAO-11-826 (Washington, 
D.C,: Sept, 29, 2011). 

®GAO, IT Dashboard: Agencies Are Managing Investment Risk, but Related Ratings Need to Be More Accurate and 
Available, GAO-14-64 (Washington, D.C,: Dec. 12, 2013). 

^Clinger-Cohen Act of 1996 (40 U.S.C. § 11101(6)). 


2 


O 



